search

bitwarden / android

Bitwarden mobile app for Android.
https://bitwarden.com
GNU General Public License v3.0
5.94k stars 775 forks source link

iOS requires entering Master Password every time #2049

Closed rjboczar closed 1 year ago

rjboczar commented 1 year ago

Steps To Reproduce

  1. Install Bitwarden.
  2. Sign in.
  3. Enable Autofill in General -> Passwords.
  4. Open Safari or an app with a login.
  5. Click the autofill button to attempt to fill in the password.

Expected Result

If logged in to Bitwarden and not timed out, the username and password should autofill. I shouldn't have to enter the master password for every login.

Actual Result

The master password prompt comes up. If the master password is entered, the credentials are correctly filled in.

Screenshots or Videos

This video shows me opening the Bitwarden app, unlocking the vault (timeout is set to lock at 4 hours), opening Safari, and opening github.com and icloud.com in tabs. I am asked to provide the master password for both.

https://user-images.githubusercontent.com/7197136/187053723-8e78a82a-465e-47fd-acc5-f0bd64ce8707.mp4

Additional Context

Up until a week or two ago it would work correctly until Bitwarden would timeout. Tried allowing PIN, changing vault timer, enabling/re-enabling Passwords autofill + browser extension; none worked.

As an aside, the help page (https://bitwarden.com/help/auto-fill-ios/) seems to imply only one autofill method should be used (password Autofill vs browser). However, it seems like the Safari extension may be "stuck:" even after Bitwarden is un/reinstalled: both the Safari Bitwarden prompt and the keyboard Bitwarden prompt come up in Safari, and both require the master password.

Operating System

iOS

Operating System Version

15.6.1, also the previous one (updated to try to fix)

Device

iPhone 12

Build Version

2022.8.0

Beta

rjboczar commented 1 year ago

Additionally, I just set up a brand new iPad Air 5th gen, using the "import settings from iPhone" setup feature. The bug persists on the iPad, making me think there may be some uncleared Safari setting that remains on my iPhone/iPad.

THEOCKID commented 1 year ago

this is not happening to me on iPhone 14 w/ 16.0.2. I go to settings in BW app, (I actually have my timeout set to never, but whatever), vault timeout action Lock, unlock with face id On, Unlock with PIN code On, and when I enabled the last I told it NO to the pop up "UNLOCK WITH PIN CODE: Do you want to require unlocking with your master password when the application is restarted?"

Larry-Sussman commented 1 year ago

Hi @rjboczar, thanks for the report!

Your issue appears to be describing the expected behavior of the software. iOS appears to limit our ability to have your vault remain unlocked for that prompt. There's some more context in this thread: https://www.reddit.com/r/Bitwarden/comments/cbgypq/comment/etflucz/?utm_source=share&utm_medium=web2x&context=3

This issue will now be closed. Thanks!

eugenesvk commented 1 year ago

Could this please be described in the official docs rather than some reddit thread?

So it is not possible for us to share the same lock timer. Therefore, the extension locks every time you close it.

Also, the second part doesn't follow from the first. Can you not create a separate timer, but one which is not zero?

wied03 commented 1 year ago

The way I read this @Larry-Sussman, not sharing a lock timer with the main app does not mean that autofill can't have its own timer. Any time the username/password prompts are on separate screens, this means filling out the master password twice.

slinkp commented 1 year ago

Thanks for response @Larry-Sussman . I think that if this is expected behavior, then the app and settings documentation should not imply otherwise. I cannot find anything outside of that 4 year old reddit thread.