bitwarden/help
1
0
Fork 0
mirror of https://github.com/bitwarden/help synced 2025-12-10 05:13:43 +00:00
Code Issues Releases Wiki Activity
Files
9be8c67fa8b83f1ed59fdd4d17c7408ca8b4b1ac
help/_articles/account/biometrics.md
fred_the_tech_writer 0407739fec Release (#585) 
* Promote to Staging (#567)

* mobile launch in GS Guide

* recovery code note -> when does it change

* EA + forgot MP

* Send in Feature tables

* BE Badge Counter

* Send hidden email option

* weak passwords sort

* safari biometrics

* custom fields - keys

* FIDO Updates

* release notes

* updates to user types article (not rel-related)

* Folders Correction (interplay w/ shared items) (non rel-related)

* Send Options Policy

* Hide Custom Fields Update

* rn updates

* final release edits

* safari-biometrics-updates

* biometrics safari fix

* fido list update

* rn date

* link fix

* Update attachments.md

* Update cli.md

* Update 2020-plan-updates.md

* Update about-bitwarden-plans.md

* Update premium-renewal.md

* Update what-plan-is-right-for-me.md

* Update why-choose-bitwarden-for-your-team.md

* Update about-send.md

* Update create-send.md

* Attachments note
2021-05-11 15:43:50 -04:00

10 KiB
Raw Blame History

layout, title, categories, featured, popular, tags, order
layout title categories featured popular tags order
article Unlock with Biometrics
account-management
false false
unlock
face id
touch id
hello
windows
mac
ios
android
11

Bitwarden can be configured to accept biometrics as a method to unlock your Vault.

Biometrics can only be used to unlock your Vault, you will still be required to use your Master Password and any enabled [Two-step Login method]({% link _articles/two-step-login/setup-two-step-login.md %}) when you log in. If you're not sure of the difference, scroll down to Understanding Unlock vs. Log In.

{% callout success %} Biometric features are part of the built-in security in your device and/or operating system. Bitwarden leverages native APIs to perform this validation, and therefore Bitwarden does not receive any biometrics information from the device. {% endcallout %}

Enable Unlock with Biometrics

Unlock with Biometrics can be enabled for Bitwarden on Mobile, Desktop, and Browser Extensions:

{% capture mobile_info %}

Enable for Mobile

Unlock with Biometrics is supported for Android (Google Play or FDroid) via fingerprint unlock{:target="_blank"} or face unlock{:target="_blank"}, and for iOS via Touch ID{:target="_blank"} and Face ID{:target="_blank"}.

To enable Unlock with Biometrics for your Mobile device:

  1. In your device's native settings (e.g. the iOS {% icon fa-cog %} Settings app), make sure your biometric method is turned on.
  2. In your Bitwarden app, open the {% icon fa-cogs %} Settings tab.
  3. Scroll down to the Security section and tap the biometrics option you want to enable. What's available on this screen is determined by your device's hardware capabilities and what you've enabled (Step 1), for example:

{% image /biometrics/ios_faceid.jpeg Enable Face ID in iOS%}

Tapping the option should prompt you to input your biometric (i.e. face or thumb-print). A green Enabled status indicator (pictured above) will indicate when Unlock with Biometrics is successfully enabled.

{% endcapture %} {{ mobile_info | markdownify}}

{% capture desktop_info %}

Enable for Desktop

Unlock with Biometrics is supported for Windows via Windows Hello{:target="_blank"} using PIN, Facial Recognition, or other hardware that meets Windows Hello biometric requirements{:target="_blank"} and for macOS via Touch ID{:target="_blank"}.

To enable Unlock with Biometrics for your Desktop app:

  1. In your device's native settings (e.g. the macOS {% icon fa-cog %} System Preferences app), make sure your biometric method is turned on.

    {% callout success%}Windows Users may need to install the Microsoft Visual C++ Redistributable{:target="_blank"} before Windows Hello can be turned on in Desktop Preferences.{% endcallout %}

  2. In your Bitwarden app, open your Settings (on Windows, FileSettings) (on macOS, BitwardenPreferences).

  3. Scroll down to the Security section and select the biometrics option you want to enable. What's available on this screen is determined by your device's hardware capabilities and what you've turned on (Step 1), for example:

    {% image /biometrics/windows.png Unlock with Windows Hello %}

Once enabled, a new button will be presented on the Unlock screen:

{% image /biometrics/hello-unlock.png Unlock with Windows Hello %}

{% endcapture %} {{ desktop_info | markdownify}}

{% capture browser_extension %}

About Biometrics in Browser Extensions

Unlock with Biometrics is supported for Extensions through an integration with the Bitwarden Desktop app. In practical terms, this means:

  1. For all Browser Extensions, you will need to enable Unlock with Biometrics in Desktop before proceeding. For all except Safari, the Bitwarden Desktop app must be logged in and running in order to use Unlock with Biometrics for a Browser Extension.
  2. Browser Extensions support the same biometrics options as Desktop; for Windows via Windows Hello{:target="_blank"} using PIN, Facial Recognition, or other hardware that meets Windows Hello biometric requirements{:target="_blank"} and for macOS via Touch ID{:target="_blank"}.

Two things to bear in mind before enabling the integration are Permissions and Supportability, documented below:

Permissions

To facilitate this integration, browser extensions except Safari will ask you to accept a new permission for Bitwarden to communicate with cooperating native applications. This permission is safe, but optional, and will enable the integration that is required to enable Unlock with Biometrics.

Declining this permission will allow you to use the Browser Extension as normal, without Unlock with Biometrics functionality.

Supportability

Unlock with Biometrics is supported for Extensions on Chromium-based browsers (Chrome, Edge, Opera, Brave, etc.), Firefox 87+, and Safari 14+. Unlock with Biometrics is currently not supported for:

  • Firefox ESR (Firefox v87+ will work).
  • Microsoft App Store Desktop Apps (a side-loaded Windows Desktop App, available at bitwarden.com/download{:target="_blank"} will work fine).
  • Side-loaded MacOS Desktop Apps (an App Store Desktop app will work fine).

Enable for Browser Extensions

To enable Unlock with Biometrics for your Browser Extension:

{% callout success %}Biometrics must be enabled in your Desktop App before proceeding. Additionally, if you're using Safari, you can skip straight to Step 4.{% endcallout %}

  1. In your Bitwarden Desktop app, navigate to Settings (on Windows, FileSettings) (on macOS, BitwardenPreferences).

  2. Scroll down to the Options section, and check the Enable Browser Integration box.

    {% callout info %}Optionally, check the Require verification for browser integration option to require [account fingerprint]({% link _articles/features/fingerprint-phrase.md %}) verification when you activate the integration.{% endcallout %}

  3. In your Browser, navigate to the Extensions manager (e.g. chrome://extensions or brave://extensions), open Bitwarden, and toggle the Allow access to file URLs option.

    Not all browsers will require this to be toggled on, so feel free to skip this step and circle back to it only if the remaining procedure doesn't work.

  4. In your Browser Extension, open the {% icon fa-cogs %} Settings tab.

  5. Scroll down to the Security section and check the Unlock with biometrics box.

    {% callout success %}You may be prompted at this stage to allow Bitwarden to communicate with cooperating native applications. This permission is safe, but optional and solely enables the Browser Extension to communicate with Desktop as described above.{% endcallout %}

    You should be prompted by your Desktop app to input your biometric. Doing so will complete the initial setup procedure. If you've opted to require verification (Step 2), you'll need to approve a fingerprint validation check.

Once enabled, a new button will be presented on the Unlock screen:

{% image /biometrics/be-bio-unlock.png Unlock with Biometrics %}

{% endcapture %} {{ browser_extension | markdownify}}

Understanding Unlock vs. Log In

In order to understand why unlocking and logging in aren't the same, it's important to remember that Bitwarden [never stores unencrypted data]({% link _articles/security/vault-data.md %}) on its servers. When your Vault is neither unlocked nor logged in, your Vault data only exists on the server in its [encrypted form]({% link _articles/security/what-encryption-is-used.md %}).

Logging in to Bitwarden decrypts your Vault data to your device. In practice, that means two things:

  1. Logging in will always require your Master Password, because your Master Password is the source of the key needed to decrypt your Vault data. Additionally, because decryption is an operation that needs to be protected, this stage is where [any enabled Two-step Login methods]({% link _articles/two-step-login/setup-two-step-login.md %}) would be required.
  2. Logging in will always require you to be connected to the internet (or, if you're self-hosting, connected to the server), because you need access to the encrypted Vault in order to decrypt it.

Unlocking can only be done when you're already logged in. In other words, only when your Vault data is already stored (encrypted) on your device. Because your Vault is already downloaded and your decryption key stored in memory:

  1. You don't need the decryption key derived from your Master Password, so you're free to use other access methods, like [PIN codes]({% link _articles/account/unlock-with-pin.md %}) and [biometrics]({% link _articles/account/biometrics.md %}).
  2. You don't need to be connected to the internet (or, if you're self-hosting, connected to the server).