Closed Us7eLk57EhxESNUUrItBvcWGcuVxyInwDU6TpJH closed 5 years ago
This should already be handled by the Touch/Face ID prompt. If it fails or you cancel the prompt you can fall back to the device's PIN instead.
@kspearrin actually, no. The app should handle the passcode authentication if Face ID fails. As of now, you are left with the only option of logging out of the app.
It actually is falling back on the touch-id password. However I think this lacks security since you can now open your vault with a 4 or 6 character password instead of the master-password for the vault. Best would be if touch-id fails to fall back on the master-password. Correct me if I'm wrong.
@RubenMeeuw see https://github.com/bitwarden/mobile-maui/issues/412
@nashbridges Ah thanks, didn't see that thread. I knew that but still it is a security vulnerability. However, it is out of scope to be resolved by Bitwarden alone ;)
In the 1Password app, failing TouchID 3x causes you to enter the vault's password.
Also, you can't use TouchID after 24 hours of not using the app; it gets disabled automatically.
On my device I have a wonky home button, therefore I actually like the fallback to the short device password. Still, forcing to use the vault's password instead of device methods after 24h of inactivity would be a nice security addition.
Still, forcing to use the vault's password instead of device methods after 24h of inactivity would be a nice security addition to security
I'd prefer this to be an opt-in, or something we can change the delay to "never". I sometimes don't use my password manager for more than 24 hours and I'd hate it to ask for my loooong passphrase every time this happens. But this is more a feature request than a comment on the current thread, so it should be posted on https://community.bitwarden.com
@Crocmagnon sure, go ahead.
Sorry, I won't have time for this in the near future, plus it's not my request but yours 😉 Feel free to post in the relevant section of the community forum (I guess app:mobile), I'd be happy to add more info if needed. Don't forget to link back to this issue for reference 🙂
Fingerprint + pin can now be used together in v2.0.
You have to log out or take off whatever is covering your face, because you're in a cold / polluted environment.
Other password managers let you fall back to inputting your PIN or password without having to log out fully.
I would suggest putting an 'insert password' button on the Face ID lock screen.