I really hate how Bitwarden handles fingerprint 2FA. I just wanted it for the secure passwords that I use re-prompt for master password and I found it’s utterly useless for that!
Why? For standard forums and that I don’t have it re-prompt and just remain logged in but for the secure sites I have it re-prompt for master password. Now I find the biometric is totally useless as it becomes cumbersome to have it re-lock all the time.
Your use case is basically you want to keep Bitwarden unlocked all the time so you can autofill without unlocking, and to supply biometric to unlock your most important accounts, not using your complicated master password.
The fact is, Bitwarden doesn’t yet have this feature, but you can vote for the feature here:
For now, it may be just easier (and way faster) to change your habit of locking/unlocking Bitwarden/your computer. For your unimportant accounts, just don’t log out so you don’t have to use Bitwarden to log in, mostly. For your important accounts, log out, but unlock Bitwarden with biometrics (without the master password reprompt) and autofill the login.
If you are categorizing your accounts as “unimportant” vs. “important”, then I would suggest using a completely separate Bitwarden account for your important accounts, which you can properly safeguard (and access relatively easily using Bitwarden’s account switching functionality).
The fact is, anytime that your vault is unlocked, all of your vault items (whether protected by “master password reprompt” or not) are at risk, and can be stolen by an attacker with relative ease (even if the attacker does not know the master password). Thus, adding a biometric prompt to replace or supplement the “master password reprompt” is not going to increase the security of items that are contained within a vault that has been left unlocked.
Neither of these is practical. I found myself locked out of my logins for work and had to disable all 2FA just so I could get logged into my work tools. Two accounts would be a nightmare right now as I have over the years over 1100 sign ins or secure notes saved. No way to check easily for any sites no longer accessible or around either.
I was hoping it would only affect login for my personal PC and use the normal authentication for work where I have to type in master password… but nope does not work like that.
Since Bitwarden does not have any real cleanup tools for duplicates or that I don’t see an easy way to transfer logins from one account to another. A lot of duplicates created over time by Bitwarden.
Neither of what? The text that you quoted was not a suggestion, it was just a warning about the risk of leaving your vault unlocked (a risk that is not substantially mitigated by enabling “master password reprompt”, and that would not be mitigated by introducing a fingerprint challenge in the reprompt, either).
Regardless, it seems that you are here primarily to express your frustrations, and I hope that you feel a little better after venting.
If you have any questions about what is or is not possible to do in Bitwarden, or if you would be interested in advice about how to organize your vault data, feel free to ask.
Just for clarification: Bitwarden doesn’t have a “fingerprint 2FA”. The five options to set up 2FA for your Bitwarden account are:
“Passkey” (FIDO2 credential)
Authenticator app (–> TOTP codes)
E-Mail
Yubico OTP (premium and only with certain Yubikeys)
DUO (premium)
Only the “passkey”-2FA-option might involve PIN or biometrics, but only when setting it up, I guess.
PS: To the title “Why is Bitwarden Fingerprint Biometric not able to replace master password?”: though Bitwarden doesn’t have its own biometrics solutions but uses the ones that are available (Windows Hello, Face ID, Touch ID, Android phones…), what would come close to replacing the master password would be the “login with passkey”-feature, which is still in Beta and only available for the web vault (and depends on mainly having an OS, browser and “wallet”/storage location for that passkey, all supporting PRF for it to work “with encryption”, i.e. not having to enter the master password for logging in) - for more info, see here: Log in with Passkeys | Bitwarden Help Center
Also wondering if OP has a clear understanding of the distinction between login vs unlock.
Most of us keep the vault on our devices “permanently” logged in and have it lock automatically after a period of time. The reason we do this is because the convenience of biometrics (fingerprint, faceid) and PIN can only be used for unlock.
Yes using Windows Hello and yes I only wanted it for unlock but when I enabled Biometrics it would no longer let me in on other devices because it set it to 2FA. I just wanted to use the fingerprint to unlock on PC.
Is there another method to do this in Bitwarden as I could not see any way.