iOS requiring master password every time when autofill despite vault timeout value #1429

New Issue

Closed

opened 2025-11-26 22:48:53 -06:00 by GiteaMirror · 3 comments

GiteaMirror commented 2025-11-26 22:48:53 -06:00

Owner

Copy Link

Originally created by @xingped on GitHub (Mar 18, 2022).

Steps To Reproduce

1. Unlock vault and set vault timeout to 4hrs
2. Open browser (any) and go to login page
3. Click on login form field
4. Click passwords option on iOS keyboard
5. See that master password prompt is displayed

Expected Result

Vault master password prompt should not display (like on Android)

Actual Result

Master password prompt displays

Screenshots or Videos

No response

Additional Context

No response

Operating System

iOS

Operating System Version

15.3.1

Device

iPad 9th gen

Build Version

Version: 2.16.2 (1434)

Beta

• Using a pre-release version of the application.

Originally created by @xingped on GitHub (Mar 18, 2022). ### Steps To Reproduce 1. Unlock vault and set vault timeout to 4hrs 2. Open browser (any) and go to login page 3. Click on login form field 4. Click passwords option on iOS keyboard 5. See that master password prompt is displayed ### Expected Result Vault master password prompt should not display (like on Android) ### Actual Result Master password prompt displays ### Screenshots or Videos _No response_ ### Additional Context _No response_ ### Operating System iOS ### Operating System Version 15.3.1 ### Device iPad 9th gen ### Build Version Version: 2.16.2 (1434) ### Beta - [ ] Using a pre-release version of the application.

GiteaMirror added the bug label 2025-11-26 22:48:53 -06:00

GiteaMirror closed this issue 2025-11-26 22:48:53 -06:00

GiteaMirror commented 2025-11-26 22:48:54 -06:00

Author

Owner

Copy Link

@Larry-Sussman commented on GitHub (May 17, 2022):

Hi @xingped, thanks for submitting this issue report! Unfortunately, this is a limitation of iOS and our iOS Bitwarden app will prompt for authentication every time, unlike on Android. Kyle has mentioned this in a Reddit thread here, and I'll paste a quote below:

iOS extensions do not share the same memory space with the main app. So it is not possible for us to share the same lock timer. Therefore, the extension locks every time you close it.

A potential workaround for you to save time in this scenario is to use biometric unlock on your Bitwarden app on iOS, you can learn more about this here: https://bitwarden.com/help/biometrics/

I hope this helps shed some light on this issue, thanks again for the report! 😄

@Larry-Sussman commented on GitHub (May 17, 2022): Hi @xingped, thanks for submitting this issue report! Unfortunately, this is a limitation of iOS and our iOS Bitwarden app will prompt for authentication every time, unlike on Android. Kyle has mentioned this in a Reddit thread [here](https://www.reddit.com/r/Bitwarden/comments/cbgypq/comment/etflucz/?utm_source=reddit&utm_medium=web2x&context=3), and I'll paste a quote below: > iOS extensions do not share the same memory space with the main app. So it is not possible for us to share the same lock timer. Therefore, the extension locks every time you close it. A potential workaround for you to save time in this scenario is to use biometric unlock on your Bitwarden app on iOS, you can learn more about this here: https://bitwarden.com/help/biometrics/ I hope this helps shed some light on this issue, thanks again for the report! 😄

GiteaMirror commented 2025-11-26 22:48:54 -06:00

Author

Owner

Copy Link

@d0x7 commented on GitHub (Oct 7, 2023):

Before opening a new issue, I thought I'd comment there. What you stated is actually incorrect. I've been using Bitwarden for a few years now and I had it setup so that it autofills without any further auth, no password, no touch/face id. Now, with iOS 17, this behavior has changed. I need to enter the master password every single time I wanna fill something. In some apps that have username and password on different intents, I need to enter my master password twice - once for the username/email field, to then be taken to the next intent with a password field and be required to fill my master password again. Afaic it's usually that you need to enter bio (face/touch), even if not enabled in Bitwarden (iPhone thing), but if you go into your iOS settings -> Touch/Face ID & password and in there disable the "Use Touch/Face ID for: AutoFill password", then is completely auth-less; so to speak. Can just click the username/email above the keyboard in a login intent and it instantly fills without further popups. With iOS 17 this is no longer the case. I need to enter the Bitwarden master PW every time, which is both super annoying and frustrating, but also defeats the point of a password manager, if I have to enter my, well, password every time i wanna auto fill another one. Not sure what you mean about shared memory and such, because the settings on the Bitwarden app are clearly set to never lock, do not use touch/Face ID, do not use a passcode. So this is from my point of view definitely a bug, or bad design. I've temporarily migrated to a competitor, because this behavior is unacceptable if I have hundreds of auto fills a day on which I need to enter my master pass every single time, sometimes twice because of separate user/pass intents, but I would prefer to stay with Bitwarden in the long run if this gets fixed. Two other PW manager do not have this issue on iOS and are working like Bitwarden did in pre-iOS 17.

@d0x7 commented on GitHub (Oct 7, 2023): Before opening a new issue, I thought I'd comment there. What you stated is actually incorrect. I've been using Bitwarden for a few years now and I had it setup so that it autofills without any further auth, no password, no touch/face id. Now, with iOS 17, this behavior has changed. I need to enter the master password every single time I wanna fill something. In some apps that have username and password on different intents, I need to enter my master password twice - once for the username/email field, to then be taken to the next intent with a password field and be required to fill my master password again. Afaic it's usually that you need to enter bio (face/touch), even if not enabled in Bitwarden (iPhone thing), but if you go into your iOS settings -> Touch/Face ID & password and in there disable the "Use Touch/Face ID for: AutoFill password", then is completely auth-less; so to speak. Can just click the username/email above the keyboard in a login intent and it instantly fills without further popups. With iOS 17 this is no longer the case. I need to enter the Bitwarden master PW every time, which is both super annoying and frustrating, but also defeats the point of a password manager, if I have to enter my, well, password every time i wanna auto fill another one. Not sure what you mean about shared memory and such, because the settings on the Bitwarden app are clearly set to never lock, do not use touch/Face ID, do not use a passcode. So this is from my point of view definitely a bug, or bad design. I've temporarily migrated to a competitor, because this behavior is unacceptable if I have hundreds of auto fills a day on which I need to enter my master pass every single time, sometimes twice because of separate user/pass intents, but I would prefer to stay with Bitwarden in the long run if this gets fixed. Two other PW manager do not have this issue on iOS and are working like Bitwarden did in pre-iOS 17.

GiteaMirror commented 2025-11-26 22:48:54 -06:00

Author

Owner

Copy Link

@eliphatfs commented on GitHub (Jun 1, 2024):

Still meeting this in 2024... Just switched from another password manager and feel very disappointed about this. even using faceid, which can possibly be less safe than the master password, it is a much slower workflow if i need to do once for user, once for password, once for totp/passkey.

@eliphatfs commented on GitHub (Jun 1, 2024): Still meeting this in 2024... Just switched from another password manager and feel very disappointed about this. even using faceid, which can possibly be less safe than the master password, it is a much slower workflow if i need to do once for user, once for password, once for totp/passkey.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

sdlc/sdk-update

fix/PM-33394-throwable-extensions

fix/PM-33394-sync-unlock-error

PM-24380/flight-recorder-redact-hostname

release/2026.3-rc48

claude/android-implementer-agent

PM-26577-app-links-support

PM-26896-autofill-fix

renovate/lock-file-maintenance

release/2026.2-rc47

PM-32714/fallback-to-web-vault-host

pr-6572

PM-28834/setting-app-layout-horizonos

vvolkgang/process-release-notes-v2

release/2026.2-rc46

release/2026.1-rc45

PM-30644/added-logs-for-debug

PM-30644/quicktile-nav-not-showing-migration

minor-gradle-updates

release/2026.1-rc42

release/2026.1-rc44

release/2026.1-rc43

PM-28834/set-landscape-on-horizonos-devices

context-rules

devclarity/update-code-review-command

PM-20026/force-ltr-passwords-and-codes

release/2025.12-rc41

cmcg/testCoverage

claude-skill/creating-feature-flags

PM-29014/talkback-support-for-passwords

release/2025.12-rc40

BRE-1305/publish_test

accept-user-certs

autofill-permissions

release/2025.11-rc39

PM-22479/check-all-certificates-validate-asset-links

release/2025.10-rc38

agalles/android-latest

optimize-test-workflows

tier2-test-sharding

retro-agent

PM-27001/skip-account-selection-only-one-exists-cxp

release/2025.10-rc37

agalles/test-1118

release/2025.10-rc36

PM-20593-token-refresh

QA-1126b/adding-native-sanity-test

release/2025.9-rc35

pm-25933/sdk-update-password

release/2025.9-rc34

release/2025.8-rc33

agalles/20250821-release

debug-release-issues

pm-24249-allow-automated-prs-for-sdk-updates

release/2025.8-rc32

release/WORKFLOW-TEST-2025.8-rc28

agalles/20250807release

release/2025.07-rc25

release/hotfix-v2025.7.0-bwa

pm-23311/export-vault-policy-bypass

release/2025.07-rc24

authenticator-pm-sync-flags-issue

ps/implement-sdk-repository-example

release/hotfix-v2025.6.0-bwpm

release/2025.06-rc21

agalles/automate-android-fastlane-patch

release/2025.05-rc20

release/2025.04-rc19

languages/basque

release/2025.03-rc19

update-readme

qrcode/feature

innovation/archive/pm-19153-archive-items

qrcode/2-ui-fields

qrcode/1-page

hold-on-biometric-prompt-alternative

release-notes-process

release/2025.02-rc16

bwa-monorepo

PM-8223/new-device-verification-ux-improvements

pm-18451/exempt-from-policies

test-bwa

cs-workaround-linked-0-copy

release/2025.01-rc15

release/2025.01-rc14

release/2024.12-rc13

pm-16670/sync-leave-notice

821

PM-16695/backport-lean-more-new-device-verification

km/15084-testing

release/hotfix-v2024.11.7

release/2024.11-rc1

pm-11304/collection-add-item-button

PM-14241/disabling-logs-app-crash

poc/offline-editing

new-version-calc

pm-11649/expired-link-services

pm-6702/add-feature-flag

pm-6702/email-verification-feature

pm-9933/marketing-copy-update

pm-6702/registration-flows

update-templates

pm-6701/email-verification-selfhost-registration

v2026.2.1-bwpm

v2026.2.1-bwa

v2026.2.0-bwpm

v2026.2.0-bwa

v2026.1.1-bwa

v2026.1.1-bwpm

temp-test

v2026.1.0-bwpm

v2026.1.0-bwa

v2025.12.1-bwa

v2025.12.1-bwpm

v2025.12.0-bwa

v2025.12.0-bwpm

v2025.11.1-bwpm

v2025.11.1-bwa

v2025.11.0-bwpm

v2025.11.0-bwa

v2025.10.1-bwa

v2025.10.1-bwpm

v2025.10.0-bwa

v2025.10.0-bwpm

v2025.9.1-bwa

v2025.9.1-bwpm

v2025.9.0-bwa

v2025.9.0-bwpm

v2025.8.1-bwa

v2025.8.1-bwpm

v2025.8.0-bwa

v2025.8.0-bwpm

v2025.7.2-bwa

v2025.7.2-bwpm

v2025.7.1-bwa

v2025.7.1-bwpm

v2025.7.0-bwa

v2025.7.0-bwpm

v2025.6.1-bwpm

v2025.6.0-bwa

v2025.6.0-bwpm

v2025.1.0-bwa

v2025.5.0-bwa

v2025.5.0-bwpm

v2025.5.999

2025.4.0

v2025.4.0

untagged-4731eaadac73f3dfbbb8

v2025.3.0

v2025.2.0

untagged-815a165c5d70ffe75bc7

v2025.1.2

v2025.1.1

v2025.1.0

v2024.12.0

untagged-5a76b6392a4c8998c63a

v2024.11.7

v2024.11.6

v2024.11.5

v2024.11.4

v2024.11.3

v2024.11.2

v2024.11.1

v2024.11.0

v2024.10.2

v2024.10.1

v2024.10.0

v2024.9.0

v2024.8.1

v2024.8.0

v2024.7.3

v2024.7.2

v2024.7.1

v2024.7.0

v2024.6.1

v2024.6.0

v2024.5.1

v2024.4.1

v2024.4.2

v2024.4.0

v2024.3.3

v2024.3.1

v2024.3.0

v2024.2.1

v2024.2.0

v2024.1.1

v2024.1.0

v2023.12.0

v2023.10.0

v2023.9.2

maui-single-project-android

v2023.9.1

v2023.9.0

v2023.8.0

v2023.7.0

v2023.5.0

v2023.4.0

v2023.3.2

v2023.3.1

v2023.3.0

v2023.2.0

v2023.1.0

v2022.11.0

v2022.10.0

v2022.9.1

v2022.9.0

v2022.8.0

v2022.6.2

v2022.6.1

v2022.6.0

v2022.05.0

v2.18.0

v2.17.0

v2.16.4

v2.16.3

v2.16.2

v2.16.1

v2.15.0

v2.14.2

v2.14.1

v2.14.0

v2.13.0

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.0

v2.9.1

v2.9.0

v2.8.2

v2.8.1

v2.8.0

v2.7.2

v2.7.0

v2.6.1

v2.6.0

v2.5.6

v.2.5.5

v2.5.5

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.1

v2.3.0

v2.2.8

v2.2.7

v2.2.6

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.0

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v1.22.1

v1.22.0

v1.21.0

v1.20.0

v1.19.0

v1.18.1

v1.18.0

v1.17.0

v1.16.0

v1.15.2

v1.15.1

v1.15.0

v1.14.4

v1.14.1

v1.14.0

v1.13.0

v1.12.2

v1.12.1

v1.12.0

v1.11.1

v1.11.0

v1.10.0

v1.9.0

v1.8.1

v1.8.0

v1.7.0

v1.6.5

v1.6.1

v1.6.0

v1.5.1

v1.5.0

v1.4.4

v1.4.3

v1.4.0

v1.3.0

v1.2.1

v1.2.0

v1.1.0

v1.0.0

v0.0.6

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.1

Labels

Clear labels

app:authenticator

app:password-manager

bug

bug-passkey

customer-support

duplicate

enhancement

good first issue

help wanted

needs-reply

needs-response

pull-request

Mirrored from GitHub Pull Request

question

No Label bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/android#1429