Touch / Face ID lock has no passcode fallback #308

Closed
opened 2025-11-07 08:34:53 -06:00 by GiteaMirror · 10 comments

Originally created by @theontho on GitHub (Nov 22, 2018).

You have to log out or take off whatever is covering your face because you're in a cold / polluted environment.

Other password managers let you fall back to inputting your PIN or password without having to log out fully.

I would suggest putting an 'insert password' button on the face id lock screen.


@kspearrin commented on GitHub (Nov 23, 2018):

This should already be handled by the Touch/Face ID prompt. If it fails or you cancel the prompt you can fall back to the device's PIN instead.


@jacopo-j commented on GitHub (Nov 26, 2018):

@kspearrin actually, no. The app should handle the passcode authentication if Face ID fails. As of now, you are left with the only option of logging out of the app.


@Sharpe-nl commented on GitHub (Jan 17, 2019):

It actually is falling back on the touch-id password. However I think this lacks security since you can now open your vault with a 4 or 6 character password instead of the master-password for the vault. Best would be if touch-id fails to fall back on the master-password. Correct me if I'm wrong.


@nashbridges commented on GitHub (Feb 10, 2019):

@RubenMeeuw see https://github.com/bitwarden/mobile/issues/412


@Sharpe-nl commented on GitHub (Feb 10, 2019):

@nashbridges Ah thanks, didn't see that thread. I knew that but still it is a security vulnerability. However out of the scope to be resolved by bitwarden alone ;)


@luckydonald commented on GitHub (Mar 24, 2019):

In the 1Password app 3x failing the TouchID causes you to enter the vault's password.

Also you can't use TouchID after 24 hours of not using the app, it gets disabled automatically.

On my device I have a wonky home button, therefore I actually like the fallback to the short device password. Still, forcing to use the vault's password instead of device methods after **24h of inactivity** would be a nice security addition.


@Crocmagnon commented on GitHub (Mar 25, 2019):

> Still, forcing to use the vault's password instead of device methods after 24h of inactivity would be a nice security addition to security

I'd prefer this to be an opt-in, or something we can change the delay to "never". I sometimes don't use my password manager for more than 24 hours and I'd hate it to ask for my loooong passphrase every time this happens.
But this is more a feature request than a comment on the current thread, so it should be posted on https://community.bitwarden.com


@luckydonald commented on GitHub (Mar 25, 2019):

@Crocmagnon sure, go ahead.


@Crocmagnon commented on GitHub (Mar 26, 2019):

Sorry, I won't have time for this in the near future, plus it's not my request but yours 😉
Feel free to post in the relevant section of the community forum (I guess app:mobile), I'd be happy to add more info if needed.
Don't forget to link back to this issue for reference 🙂


@kspearrin commented on GitHub (Jun 4, 2019):

Fingerprint + pin can now be used together in v2.0.

Reference: github-starred/android#308