
I probably should have created one request covering both changes. Bitwarden is a freemium open-source password management service that stores confidential information such as website credentials in an encrypted vault. In the first one I expected a PIN prompt, and in the second one (this one) I expect no prompt. The first one I posted was for the app logged in but locked, and the second one (this one) is for the app unlocked.
They are different issues but they are definitely very related and possibly have the same root cause.
I’m guessing it’s not the intended behavior for the reason you stated and because Android behaves Good question. That’s great input if someone tries to fix this. I just replicated your statement: if I configure to not require the MP after the app is force-quit, when I try to Auto-Fill I am indeed prompted for the PIN.
unlock with PIN code: Thanks, very interesting! When setting up Unlock with PIN, I did indeed configure to require the MP after the app is force-quit – for the sake of increased security. BW is currently making me manually paste, which is very I have: Security 4: Manually pasting credentials into any app is dangerous because it bypasses the domain/host check that BW does before it Auto-fills. But see the previous bullet: I’m not willing to enter my master password while another app is active. For those apps, using Bitwarden’s Auto-Fill – which seems to bypass the block – is the only reasonable way to get my complex password into the password field. Security 3: There are some apps whose creators have blocked pasting into the password field. So currently I can’t use the Auto-fill feature, and I instead need to go to the Bitwarden app to copy the credential’s password whenever I would otherwise use Auto-fill. Capturing my master password is very bad, and I will never enter my master password into a dialog that might be controlled by another app. Security 2: If the app I’m trying to Auto-fill into is malicious, it could (I assume) bring up a fake Bitwarden master password prompt dialog to capture my master password. Given that my phone unlocks with biometrics, I don’t want a critical app – Bitwarden – to unlock in the same way. Security 1: I want Auto-fill using PIN instead of using biometrics because my phone unlocks with biometrics. Convenience: I’ve already unlocked the app, why should I need to log in again for an Auto-fill? BW auto-fills the credentials without any further authentication. Proposed behavior: I invoke Bitwarden’s Auto-fill to fill credentials in some app. BW prompts me to enter my master password, even though the app is already unlocked. My BW app/vault is unlocked. Current behavior: I invoke Bitwarden’s Auto-fill to fill credentials in some app. Precondition: Unlock with PIN is enabled.