Net 7 platforms migration initial

2025-12-12 14:23:26 +00:00 · 2023-07-28 16:23:14 -03:00
112 changed files with 2088 additions and 3897 deletions
--- a/bitwarden-mobile.sln
+++ b/bitwarden-mobile.sln
@@ -3,8 +3,6 @@ Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 16
 VisualStudioVersion = 16.0.29009.5
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Android", "src\Android\Android.csproj", "{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}"
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "App", "src\App\App.csproj", "{EE44C6A1-2A85-45FE-8D9B-BF1D5F88809C}"
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Core", "src\Core\Core.csproj", "{4B8A8C41-9820-4341-974C-41E65B7F4366}"
@@ -32,19 +30,15 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Publisher", "store\google\Publisher\Publisher.csproj", "{256F9E44-0AF5-4D97-A2F9-DA26080C0A5D}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "iOS.Core", "src\iOS.Core\iOS.Core.csproj", "{E71F3053-056C-4381-9638-048ED73BDFF6}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "iOS", "src\iOS\iOS.csproj", "{599E0201-420A-4C3E-A7BA-5349F72E0B15}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "iOS.Extension", "src\iOS.Extension\iOS.Extension.csproj", "{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Common", "test\Common\Common.csproj", "{4085B0A5-12A9-4993-B8B8-4ACE72E62E39}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Core.Test", "test\Core.Test\Core.Test.csproj", "{8AE548D9-A567-4E97-995E-93EC7DB0FDE0}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "iOS.ShareExtension", "src\iOS.ShareExtension\iOS.ShareExtension.csproj", "{F8C3F648-EA5A-4719-8005-85D1690B1655}"
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "iOS", "src\iOS\iOS.csproj", "{599E0201-420A-4C3E-A7BA-5349F72E0B15}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "iOS.Autofill", "src\iOS.Autofill\iOS.Autofill.csproj", "{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}"
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "iOS.Core", "src\iOS.Core\iOS.Core.csproj", "{E71F3053-056C-4381-9638-048ED73BDFF6}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Android", "src\Android\Android.csproj", "{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -65,51 +59,6 @@ Global
 		Release|iPhoneSimulator = Release|iPhoneSimulator
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Ad-Hoc|Any CPU.ActiveCfg = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Ad-Hoc|Any CPU.Build.0 = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Ad-Hoc|Any CPU.Deploy.0 = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Ad-Hoc|iPhone.ActiveCfg = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Ad-Hoc|iPhone.Build.0 = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Ad-Hoc|iPhone.Deploy.0 = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Ad-Hoc|iPhoneSimulator.ActiveCfg = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Ad-Hoc|iPhoneSimulator.Build.0 = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Ad-Hoc|iPhoneSimulator.Deploy.0 = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.AppStore|Any CPU.ActiveCfg = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.AppStore|Any CPU.Build.0 = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.AppStore|Any CPU.Deploy.0 = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.AppStore|iPhone.ActiveCfg = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.AppStore|iPhone.Build.0 = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.AppStore|iPhone.Deploy.0 = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.AppStore|iPhoneSimulator.ActiveCfg = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.AppStore|iPhoneSimulator.Build.0 = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.AppStore|iPhoneSimulator.Deploy.0 = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Debug|Any CPU.Deploy.0 = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Debug|iPhone.ActiveCfg = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Debug|iPhone.Build.0 = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Debug|iPhone.Deploy.0 = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Debug|iPhoneSimulator.ActiveCfg = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Debug|iPhoneSimulator.Build.0 = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Debug|iPhoneSimulator.Deploy.0 = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.FDroid|Any CPU.ActiveCfg = FDroid|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.FDroid|Any CPU.Build.0 = FDroid|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.FDroid|Any CPU.Deploy.0 = FDroid|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.FDroid|iPhone.ActiveCfg = FDroid|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.FDroid|iPhone.Build.0 = FDroid|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.FDroid|iPhone.Deploy.0 = FDroid|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.FDroid|iPhoneSimulator.ActiveCfg = FDroid|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.FDroid|iPhoneSimulator.Build.0 = FDroid|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.FDroid|iPhoneSimulator.Deploy.0 = FDroid|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Release|Any CPU.Build.0 = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Release|Any CPU.Deploy.0 = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Release|iPhone.ActiveCfg = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Release|iPhone.Build.0 = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Release|iPhone.Deploy.0 = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Release|iPhoneSimulator.ActiveCfg = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Release|iPhoneSimulator.Build.0 = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Release|iPhoneSimulator.Deploy.0 = Release|Any CPU
 		{EE44C6A1-2A85-45FE-8D9B-BF1D5F88809C}.Ad-Hoc|Any CPU.ActiveCfg = Release|Any CPU
 		{EE44C6A1-2A85-45FE-8D9B-BF1D5F88809C}.Ad-Hoc|Any CPU.Build.0 = Release|Any CPU
 		{EE44C6A1-2A85-45FE-8D9B-BF1D5F88809C}.Ad-Hoc|Any CPU.Deploy.0 = Release|Any CPU
@@ -242,91 +191,6 @@ Global
 		{256F9E44-0AF5-4D97-A2F9-DA26080C0A5D}.Release|iPhone.Build.0 = Release|Any CPU
 		{256F9E44-0AF5-4D97-A2F9-DA26080C0A5D}.Release|iPhoneSimulator.ActiveCfg = Release|Any CPU
 		{256F9E44-0AF5-4D97-A2F9-DA26080C0A5D}.Release|iPhoneSimulator.Build.0 = Release|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Ad-Hoc|Any CPU.ActiveCfg = Ad-Hoc|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Ad-Hoc|Any CPU.Build.0 = Ad-Hoc|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Ad-Hoc|iPhone.ActiveCfg = Ad-Hoc|iPhone
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Ad-Hoc|iPhone.Build.0 = Ad-Hoc|iPhone
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Ad-Hoc|iPhoneSimulator.ActiveCfg = Ad-Hoc|iPhoneSimulator
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Ad-Hoc|iPhoneSimulator.Build.0 = Ad-Hoc|iPhoneSimulator
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.AppStore|Any CPU.ActiveCfg = AppStore|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.AppStore|Any CPU.Build.0 = AppStore|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.AppStore|iPhone.ActiveCfg = AppStore|iPhone
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.AppStore|iPhone.Build.0 = AppStore|iPhone
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.AppStore|iPhoneSimulator.ActiveCfg = AppStore|iPhoneSimulator
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.AppStore|iPhoneSimulator.Build.0 = AppStore|iPhoneSimulator
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Debug|iPhone.ActiveCfg = Debug|iPhone
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Debug|iPhone.Build.0 = Debug|iPhone
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Debug|iPhoneSimulator.ActiveCfg = Debug|iPhoneSimulator
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Debug|iPhoneSimulator.Build.0 = Debug|iPhoneSimulator
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.FDroid|Any CPU.ActiveCfg = FDroid|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.FDroid|Any CPU.Build.0 = FDroid|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.FDroid|iPhone.ActiveCfg = FDroid|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.FDroid|iPhone.Build.0 = FDroid|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.FDroid|iPhoneSimulator.ActiveCfg = FDroid|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.FDroid|iPhoneSimulator.Build.0 = FDroid|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Release|Any CPU.Build.0 = Release|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Release|iPhone.ActiveCfg = Release|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Release|iPhone.Build.0 = Release|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Release|iPhoneSimulator.ActiveCfg = Release|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Release|iPhoneSimulator.Build.0 = Release|Any CPU
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Ad-Hoc|Any CPU.ActiveCfg = Ad-Hoc|iPhone
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Ad-Hoc|iPhone.ActiveCfg = Ad-Hoc|iPhone
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Ad-Hoc|iPhone.Build.0 = Ad-Hoc|iPhone
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Ad-Hoc|iPhoneSimulator.ActiveCfg = Ad-Hoc|iPhoneSimulator
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Ad-Hoc|iPhoneSimulator.Build.0 = Ad-Hoc|iPhoneSimulator
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.AppStore|Any CPU.ActiveCfg = AppStore|iPhone
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.AppStore|iPhone.ActiveCfg = AppStore|iPhone
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.AppStore|iPhone.Build.0 = AppStore|iPhone
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.AppStore|iPhoneSimulator.ActiveCfg = AppStore|iPhoneSimulator
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.AppStore|iPhoneSimulator.Build.0 = AppStore|iPhoneSimulator
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Debug|Any CPU.ActiveCfg = Debug|iPhone
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Debug|iPhone.ActiveCfg = Debug|iPhone
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Debug|iPhone.Build.0 = Debug|iPhone
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Debug|iPhone.Deploy.0 = Debug|iPhone
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Debug|iPhoneSimulator.ActiveCfg = Debug|iPhoneSimulator
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Debug|iPhoneSimulator.Build.0 = Debug|iPhoneSimulator
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.FDroid|Any CPU.ActiveCfg = FDroid|iPhone
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.FDroid|iPhone.ActiveCfg = FDroid|iPhone
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.FDroid|iPhone.Build.0 = FDroid|iPhone
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.FDroid|iPhoneSimulator.ActiveCfg = FDroid|iPhoneSimulator
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.FDroid|iPhoneSimulator.Build.0 = FDroid|iPhoneSimulator
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Release|Any CPU.ActiveCfg = Release|iPhone
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Release|iPhone.ActiveCfg = Release|iPhone
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Release|iPhone.Build.0 = Release|iPhone
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Release|iPhoneSimulator.ActiveCfg = Release|iPhoneSimulator
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Release|iPhoneSimulator.Build.0 = Release|iPhoneSimulator
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Ad-Hoc|Any CPU.ActiveCfg = Ad-Hoc|iPhone
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Ad-Hoc|Any CPU.Build.0 = Ad-Hoc|iPhone
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Ad-Hoc|iPhone.ActiveCfg = Ad-Hoc|iPhone
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Ad-Hoc|iPhone.Build.0 = Ad-Hoc|iPhone
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Ad-Hoc|iPhoneSimulator.ActiveCfg = Ad-Hoc|iPhoneSimulator
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Ad-Hoc|iPhoneSimulator.Build.0 = Ad-Hoc|iPhoneSimulator
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.AppStore|Any CPU.ActiveCfg = AppStore|iPhone
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.AppStore|Any CPU.Build.0 = AppStore|iPhone
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.AppStore|iPhone.ActiveCfg = AppStore|iPhone
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.AppStore|iPhone.Build.0 = AppStore|iPhone
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.AppStore|iPhoneSimulator.ActiveCfg = AppStore|iPhoneSimulator
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.AppStore|iPhoneSimulator.Build.0 = AppStore|iPhoneSimulator
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Debug|Any CPU.ActiveCfg = Debug|iPhone
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Debug|iPhone.ActiveCfg = Debug|iPhone
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Debug|iPhone.Build.0 = Debug|iPhone
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Debug|iPhone.Deploy.0 = Debug|iPhone
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Debug|iPhoneSimulator.ActiveCfg = Debug|iPhoneSimulator
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Debug|iPhoneSimulator.Build.0 = Debug|iPhoneSimulator
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.FDroid|Any CPU.ActiveCfg = Release|iPhone
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.FDroid|Any CPU.Build.0 = Release|iPhone
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.FDroid|iPhone.ActiveCfg = Release|iPhone
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.FDroid|iPhone.Build.0 = Release|iPhone
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.FDroid|iPhoneSimulator.ActiveCfg = Release|iPhoneSimulator
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.FDroid|iPhoneSimulator.Build.0 = Release|iPhoneSimulator
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Release|Any CPU.ActiveCfg = Release|iPhone
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Release|iPhone.ActiveCfg = Release|iPhone
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Release|iPhone.Build.0 = Release|iPhone
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Release|iPhoneSimulator.ActiveCfg = Release|iPhoneSimulator
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545}.Release|iPhoneSimulator.Build.0 = Release|iPhoneSimulator
 		{4085B0A5-12A9-4993-B8B8-4ACE72E62E39}.Ad-Hoc|Any CPU.ActiveCfg = Release|Any CPU
 		{4085B0A5-12A9-4993-B8B8-4ACE72E62E39}.Ad-Hoc|Any CPU.Build.0 = Release|Any CPU
 		{4085B0A5-12A9-4993-B8B8-4ACE72E62E39}.Ad-Hoc|iPhone.ActiveCfg = Release|Any CPU
@@ -387,83 +251,111 @@ Global
 		{8AE548D9-A567-4E97-995E-93EC7DB0FDE0}.Release|iPhone.Build.0 = Release|Any CPU
 		{8AE548D9-A567-4E97-995E-93EC7DB0FDE0}.Release|iPhoneSimulator.ActiveCfg = Release|Any CPU
 		{8AE548D9-A567-4E97-995E-93EC7DB0FDE0}.Release|iPhoneSimulator.Build.0 = Release|Any CPU
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Ad-Hoc|Any CPU.ActiveCfg = Debug|iPhoneSimulator
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Ad-Hoc|Any CPU.ActiveCfg = Ad-Hoc|iPhone
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Ad-Hoc|Any CPU.Build.0 = Debug|iPhoneSimulator
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Ad-Hoc|Any CPU.Build.0 = Ad-Hoc|iPhone
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Ad-Hoc|iPhone.ActiveCfg = Release|iPhone
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Ad-Hoc|iPhone.ActiveCfg = Ad-Hoc|iPhone
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Ad-Hoc|iPhone.Build.0 = Release|iPhone
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Ad-Hoc|iPhone.Build.0 = Ad-Hoc|iPhone
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Ad-Hoc|iPhoneSimulator.ActiveCfg = Debug|iPhoneSimulator
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Ad-Hoc|iPhoneSimulator.ActiveCfg = Debug|iPhoneSimulator
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Ad-Hoc|iPhoneSimulator.Build.0 = Debug|iPhoneSimulator
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Ad-Hoc|iPhoneSimulator.Build.0 = Debug|iPhoneSimulator
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.AppStore|Any CPU.ActiveCfg = Debug|iPhoneSimulator
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.AppStore|Any CPU.ActiveCfg = AppStore|iPhone
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.AppStore|Any CPU.Build.0 = Debug|iPhoneSimulator
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.AppStore|Any CPU.Build.0 = AppStore|iPhone
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.AppStore|iPhone.ActiveCfg = Release|iPhone
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.AppStore|iPhone.ActiveCfg = AppStore|iPhone
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.AppStore|iPhone.Build.0 = Release|iPhone
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.AppStore|iPhone.Build.0 = AppStore|iPhone
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.AppStore|iPhoneSimulator.ActiveCfg = Debug|iPhoneSimulator
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.AppStore|iPhoneSimulator.ActiveCfg = Debug|iPhoneSimulator
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.AppStore|iPhoneSimulator.Build.0 = Debug|iPhoneSimulator
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.AppStore|iPhoneSimulator.Build.0 = Debug|iPhoneSimulator
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Debug|Any CPU.ActiveCfg = Debug|iPhoneSimulator
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Debug|Any CPU.ActiveCfg = Debug|iPhoneSimulator
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Debug|Any CPU.Build.0 = Debug|iPhoneSimulator
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Debug|Any CPU.Build.0 = Debug|iPhoneSimulator
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Debug|iPhone.ActiveCfg = Debug|iPhone
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Debug|iPhone.ActiveCfg = Debug|iPhone
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Debug|iPhone.Build.0 = Debug|iPhone
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Debug|iPhone.Build.0 = Debug|iPhone
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Debug|iPhoneSimulator.ActiveCfg = Debug|iPhoneSimulator
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Debug|iPhoneSimulator.ActiveCfg = Debug|iPhoneSimulator
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Debug|iPhoneSimulator.Build.0 = Debug|iPhoneSimulator
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Debug|iPhoneSimulator.Build.0 = Debug|iPhoneSimulator
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.FDroid|Any CPU.ActiveCfg = Debug|iPhoneSimulator
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.FDroid|Any CPU.ActiveCfg = FDroid|iPhoneSimulator
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.FDroid|Any CPU.Build.0 = Debug|iPhoneSimulator
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.FDroid|Any CPU.Build.0 = FDroid|iPhoneSimulator
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.FDroid|iPhone.ActiveCfg = Release|iPhone
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.FDroid|iPhone.ActiveCfg = FDroid|iPhone
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.FDroid|iPhone.Build.0 = Release|iPhone
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.FDroid|iPhone.Build.0 = FDroid|iPhone
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.FDroid|iPhoneSimulator.ActiveCfg = Debug|iPhoneSimulator
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.FDroid|iPhoneSimulator.ActiveCfg = FDroid|iPhoneSimulator
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.FDroid|iPhoneSimulator.Build.0 = Debug|iPhoneSimulator
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.FDroid|iPhoneSimulator.Build.0 = FDroid|iPhoneSimulator
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Release|Any CPU.ActiveCfg = Release|iPhone
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Release|Any CPU.ActiveCfg = Release|iPhoneSimulator
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Release|Any CPU.Build.0 = Release|iPhone
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Release|Any CPU.Build.0 = Release|iPhoneSimulator
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Release|iPhone.ActiveCfg = Release|iPhone
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Release|iPhone.ActiveCfg = Release|iPhone
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Release|iPhone.Build.0 = Release|iPhone
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Release|iPhone.Build.0 = Release|iPhone
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Release|iPhoneSimulator.ActiveCfg = Release|iPhoneSimulator
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Release|iPhoneSimulator.ActiveCfg = Release|iPhoneSimulator
-		{F8C3F648-EA5A-4719-8005-85D1690B1655}.Release|iPhoneSimulator.Build.0 = Release|iPhoneSimulator
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15}.Release|iPhoneSimulator.Build.0 = Release|iPhoneSimulator
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.Ad-Hoc|Any CPU.ActiveCfg = Ad-Hoc|iPhone
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.Ad-Hoc|Any CPU.ActiveCfg = Ad-Hoc|Any CPU
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.Ad-Hoc|Any CPU.Build.0 = Ad-Hoc|iPhone
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.Ad-Hoc|Any CPU.Build.0 = Ad-Hoc|Any CPU
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.Ad-Hoc|iPhone.ActiveCfg = Ad-Hoc|iPhone
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.Ad-Hoc|iPhone.ActiveCfg = Ad-Hoc|iPhone
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.Ad-Hoc|iPhone.Build.0 = Ad-Hoc|iPhone
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.Ad-Hoc|iPhone.Build.0 = Ad-Hoc|iPhone
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.Ad-Hoc|iPhoneSimulator.ActiveCfg = Ad-Hoc|iPhoneSimulator
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.Ad-Hoc|iPhoneSimulator.ActiveCfg = Ad-Hoc|iPhoneSimulator
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.Ad-Hoc|iPhoneSimulator.Build.0 = Ad-Hoc|iPhoneSimulator
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.Ad-Hoc|iPhoneSimulator.Build.0 = Ad-Hoc|iPhoneSimulator
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.AppStore|Any CPU.ActiveCfg = AppStore|iPhone
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.AppStore|Any CPU.ActiveCfg = AppStore|Any CPU
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.AppStore|Any CPU.Build.0 = AppStore|iPhone
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.AppStore|Any CPU.Build.0 = AppStore|Any CPU
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.AppStore|iPhone.ActiveCfg = AppStore|iPhone
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.AppStore|iPhone.ActiveCfg = AppStore|iPhone
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.AppStore|iPhone.Build.0 = AppStore|iPhone
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.AppStore|iPhone.Build.0 = AppStore|iPhone
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.AppStore|iPhoneSimulator.ActiveCfg = AppStore|iPhoneSimulator
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.AppStore|iPhoneSimulator.ActiveCfg = AppStore|iPhoneSimulator
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.AppStore|iPhoneSimulator.Build.0 = AppStore|iPhoneSimulator
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.AppStore|iPhoneSimulator.Build.0 = AppStore|iPhoneSimulator
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.Debug|Any CPU.ActiveCfg = Debug|iPhone
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.Debug|iPhone.ActiveCfg = Debug|iPhone
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.Debug|iPhone.Build.0 = Debug|iPhone
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.Debug|iPhone.ActiveCfg = Debug|iPhone
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.Debug|iPhone.Deploy.0 = Debug|iPhone
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.Debug|iPhone.Build.0 = Debug|iPhone
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.Debug|iPhoneSimulator.ActiveCfg = Debug|iPhoneSimulator
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.Debug|iPhoneSimulator.ActiveCfg = Debug|iPhoneSimulator
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.Debug|iPhoneSimulator.Build.0 = Debug|iPhoneSimulator
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.Debug|iPhoneSimulator.Build.0 = Debug|iPhoneSimulator
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.FDroid|Any CPU.ActiveCfg = Release|iPhone
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.FDroid|Any CPU.ActiveCfg = FDroid|Any CPU
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.FDroid|Any CPU.Build.0 = Release|iPhone
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.FDroid|Any CPU.Build.0 = FDroid|Any CPU
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.FDroid|iPhone.ActiveCfg = Release|iPhone
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.FDroid|iPhone.ActiveCfg = FDroid|Any CPU
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.FDroid|iPhone.Build.0 = Release|iPhone
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.FDroid|iPhone.Build.0 = FDroid|Any CPU
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.FDroid|iPhoneSimulator.ActiveCfg = Release|iPhoneSimulator
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.FDroid|iPhoneSimulator.ActiveCfg = FDroid|Any CPU
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.FDroid|iPhoneSimulator.Build.0 = Release|iPhoneSimulator
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.FDroid|iPhoneSimulator.Build.0 = FDroid|Any CPU
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.Release|Any CPU.ActiveCfg = Release|iPhone
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.Release|iPhone.ActiveCfg = Release|iPhone
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.Release|Any CPU.Build.0 = Release|Any CPU
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.Release|iPhone.Build.0 = Release|iPhone
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.Release|iPhone.ActiveCfg = Release|Any CPU
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.Release|iPhoneSimulator.ActiveCfg = Release|iPhoneSimulator
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.Release|iPhone.Build.0 = Release|Any CPU
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A}.Release|iPhoneSimulator.Build.0 = Release|iPhoneSimulator
+		{E71F3053-056C-4381-9638-048ED73BDFF6}.Release|iPhoneSimulator.ActiveCfg = Release|Any CPU
 		{E71F3053-056C-4381-9638-048ED73BDFF6}.Release|iPhoneSimulator.Build.0 = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Ad-Hoc|Any CPU.ActiveCfg = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Ad-Hoc|Any CPU.Build.0 = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Ad-Hoc|iPhone.ActiveCfg = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Ad-Hoc|iPhone.Build.0 = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Ad-Hoc|iPhoneSimulator.ActiveCfg = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Ad-Hoc|iPhoneSimulator.Build.0 = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.AppStore|Any CPU.ActiveCfg = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.AppStore|Any CPU.Build.0 = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.AppStore|iPhone.ActiveCfg = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.AppStore|iPhone.Build.0 = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.AppStore|iPhoneSimulator.ActiveCfg = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.AppStore|iPhoneSimulator.Build.0 = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Debug|iPhone.ActiveCfg = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Debug|iPhone.Build.0 = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Debug|iPhoneSimulator.ActiveCfg = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Debug|iPhoneSimulator.Build.0 = Debug|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.FDroid|Any CPU.ActiveCfg = FDroid|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.FDroid|Any CPU.Build.0 = FDroid|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.FDroid|iPhone.ActiveCfg = FDroid|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.FDroid|iPhone.Build.0 = FDroid|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.FDroid|iPhoneSimulator.ActiveCfg = FDroid|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.FDroid|iPhoneSimulator.Build.0 = FDroid|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Release|Any CPU.Build.0 = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Release|iPhone.ActiveCfg = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Release|iPhone.Build.0 = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Release|iPhoneSimulator.ActiveCfg = Release|Any CPU
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}.Release|iPhoneSimulator.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
 	GlobalSection(NestedProjects) = preSolution
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F} = {D10CA4A9-F866-40E1-B658-F69051236C71}
 		{EE44C6A1-2A85-45FE-8D9B-BF1D5F88809C} = {D10CA4A9-F866-40E1-B658-F69051236C71}
 		{4B8A8C41-9820-4341-974C-41E65B7F4366} = {D10CA4A9-F866-40E1-B658-F69051236C71}
 		{9C8DA5A8-904D-466F-B9B0-1A4AB5A9AFC3} = {8904C536-C67D-420F-9971-51B26574C3AA}
 		{2E399654-26A2-46F6-B9CA-1B496A3F370A} = {92470CBD-9047-4C3C-8EA3-D972D6622D84}
 		{256F9E44-0AF5-4D97-A2F9-DA26080C0A5D} = {2E399654-26A2-46F6-B9CA-1B496A3F370A}
 		{E71F3053-056C-4381-9638-048ED73BDFF6} = {D10CA4A9-F866-40E1-B658-F69051236C71}
 		{599E0201-420A-4C3E-A7BA-5349F72E0B15} = {D10CA4A9-F866-40E1-B658-F69051236C71}
 		{324BE76C-38FA-4F11-8BB1-95C7B3B1B545} = {D10CA4A9-F866-40E1-B658-F69051236C71}
 		{4085B0A5-12A9-4993-B8B8-4ACE72E62E39} = {8904C536-C67D-420F-9971-51B26574C3AA}
 		{8AE548D9-A567-4E97-995E-93EC7DB0FDE0} = {8904C536-C67D-420F-9971-51B26574C3AA}
-		{F8C3F648-EA5A-4719-8005-85D1690B1655} = {D10CA4A9-F866-40E1-B658-F69051236C71}
+		{599E0201-420A-4C3E-A7BA-5349F72E0B15} = {D10CA4A9-F866-40E1-B658-F69051236C71}
-		{8A3ECD75-3EC8-4CB3-B3A2-A73A724C279A} = {D10CA4A9-F866-40E1-B658-F69051236C71}
+		{E71F3053-056C-4381-9638-048ED73BDFF6} = {D10CA4A9-F866-40E1-B658-F69051236C71}
 		{304400AF-F0ED-40FA-B102-EA3C3EC43E4F} = {D10CA4A9-F866-40E1-B658-F69051236C71}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {7D436EA3-8B7E-45D2-8D14-0730BD2E0410}
--- a/global.json
+++ b/global.json
@@ -0,0 +1,5 @@
 {
  "sdk": {
    "version": "7.0.306"
  }
 }
--- a/src/Android/Android.csproj
+++ b/src/Android/Android.csproj
@@ -1,12 +1,13 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFrameworks>net7.0-android</TargetFrameworks>
    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
    <ProjectGuid>{304400AF-F0ED-40FA-B102-EA3C3EC43E4F}</ProjectGuid>
    <ProjectTypeGuids>{EFBA0AD7-5A72-4C68-AF49-83D382785DCF};{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}</ProjectTypeGuids>
    <TemplateGuid>{c9e5eea5-ca05-42a1-839b-61506e0a37df}</TemplateGuid>
-    <OutputType>Library</OutputType>
+    <OutputType>Exe</OutputType>
    <RootNamespace>Bit.Droid</RootNamespace>
    <AssemblyName>BitwardenAndroid</AssemblyName>
    <AndroidApplication>True</AndroidApplication>
@@ -15,10 +16,13 @@
    <AndroidManifest>Properties\AndroidManifest.xml</AndroidManifest>
    <MonoAndroidResourcePrefix>Resources</MonoAndroidResourcePrefix>
    <MonoAndroidAssetsPrefix>Assets</MonoAndroidAssetsPrefix>
    <TargetFrameworkVersion>v13.0</TargetFrameworkVersion>
    <AndroidHttpClientHandlerType>Xamarin.Android.Net.AndroidClientHandler</AndroidHttpClientHandlerType>
    <SupportedOSPlatformVersion>21</SupportedOSPlatformVersion>
    <NuGetPackageImportStamp>
    </NuGetPackageImportStamp>
    <Configurations>Debug;Release;FDroid</Configurations>
    <JavaMaximumHeapSize>1G</JavaMaximumHeapSize>
    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
  </PropertyGroup>
  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
    <DebugSymbols>true</DebugSymbols>
@@ -62,39 +66,46 @@
    <AndroidEnableProfiledAot>true</AndroidEnableProfiledAot>
  </PropertyGroup>
  <ItemGroup>
-    <Reference Include="Mono.Android" />
+    <!--<Reference Include="Mono.Android" />
    <Reference Include="Mono.Android.Export" />
    <Reference Include="System" />
    <Reference Include="System.Core" />
    <Reference Include="System.Xml.Linq" />
-    <Reference Include="System.Xml" />
+    <Reference Include="System.Xml" />-->
    <Reference Include="System.Net.Http" Condition="'$(Configuration)'=='FDroid'" />
  </ItemGroup>
  <ItemGroup>
-    <PackageReference Include="Plugin.CurrentActivity">
+    <PackageReference Include="Plugin.CurrentActivity" Version="2.1.0.4">
      <Version>2.1.0.4</Version>
    </PackageReference>
-    <PackageReference Include="Portable.BouncyCastle">
+    <PackageReference Include="Portable.BouncyCastle" Version="1.9.0">
      <Version>1.9.0</Version>
    </PackageReference>
-    <PackageReference Include="Xamarin.AndroidX.AppCompat" Version="1.5.1.1" />
+    <!--<PackageReference Include="Xamarin.AndroidX.AppCompat" Version="1.5.1.1" />
    <PackageReference Include="Xamarin.AndroidX.AutoFill" Version="1.1.0.16" />
    <PackageReference Include="Xamarin.AndroidX.CardView" Version="1.0.0.19" />
    <PackageReference Include="Xamarin.AndroidX.Core" Version="1.10.0" />
    <PackageReference Include="Xamarin.AndroidX.MediaRouter" Version="1.3.1.1" />
-    <PackageReference Include="Xamarin.Essentials">
+    <PackageReference Include="Xamarin.Essentials" Version="1.7.5">
      <Version>1.7.5</Version>
    </PackageReference>
-    <PackageReference Include="Xamarin.Firebase.Messaging">
+    <PackageReference Include="Xamarin.Firebase.Messaging" Version="123.1.1.1">
      <Version>123.1.1.1</Version>
    </PackageReference>
    <PackageReference Include="Xamarin.Google.Android.Material" Version="1.8.0" />
    <PackageReference Include="Xamarin.Google.Dagger" Version="2.44.2.1" />
-    <PackageReference Include="Xamarin.GooglePlayServices.SafetyNet">
+    <PackageReference Include="Xamarin.GooglePlayServices.SafetyNet" Version="118.0.1.3">
-      <Version>118.0.1.3</Version>
+    </PackageReference>-->
-    </PackageReference>
+
    <!--<PackageReference Include="Xamarin.AndroidX.RecyclerView" Version="1.3.0.3" />
    <PackageReference Include="Xamarin.AndroidX.MediaRouter" Version="1.4.0.2" />
    <PackageReference Include="Xamarin.GooglePlayServices.SafetyNet" Version="118.0.1.5" />
    <PackageReference Include="Xamarin.Kotlin.StdLib.Jdk8" Version="1.9.0.1" />
    <PackageReference Include="Xamarin.Kotlin.StdLib" Version="1.9.0.1" />
    <PackageReference Include="Xamarin.AndroidX.Activity.Ktx" Version="1.7.2.1" />-->
    <PackageReference Include="Xamarin.AndroidX.AutoFill" Version="1.1.0.18" />
    <PackageReference Include="Xamarin.AndroidX.Core" Version="1.10.1.2" />
    <PackageReference Include="Xamarin.AndroidX.AppCompat" Version="1.6.1.3" />
  </ItemGroup>
-  <ItemGroup>
+  <!--<ItemGroup>
    <Compile Include="Accessibility\AccessibilityActivity.cs" />
    <Compile Include="Accessibility\AccessibilityHelpers.cs" />
    <Compile Include="Accessibility\Credentials.cs" />
@@ -160,7 +171,7 @@
    <Compile Include="Effects\RemoveFontPaddingEffect.cs" />
    <Compile Include="Services\WatchDeviceService.cs" />
    <Compile Include="Renderers\CustomLabelRenderer.cs" />
-  </ItemGroup>
+  </ItemGroup>-->
  <ItemGroup>
    <AndroidAsset Include="Assets\bwi-font.ttf" />
    <AndroidAsset Include="Assets\RobotoMono_Regular.ttf" />
@@ -251,12 +262,10 @@
  </ItemGroup>
  <ItemGroup>
    <ProjectReference Include="..\App\App.csproj">
-      <Project>{EE44C6A1-2A85-45FE-8D9B-BF1D5F88809C}</Project>
+      <ReferenceSourceTarget></ReferenceSourceTarget>
      <Name>App</Name>
    </ProjectReference>
    <ProjectReference Include="..\Core\Core.csproj">
-      <Project>{4b8a8c41-9820-4341-974c-41e65b7f4366}</Project>
+      <ReferenceSourceTarget></ReferenceSourceTarget>
      <Name>Core</Name>
    </ProjectReference>
  </ItemGroup>
  <ItemGroup>
@@ -315,5 +324,12 @@
    <Folder Include="Resources\drawable-v26\" />
    <Folder Include="Resources\drawable-night-v26\" />
  </ItemGroup>
-  <Import Project="$(MSBuildExtensionsPath)\Xamarin\Android\Xamarin.Android.CSharp.targets" />
+  <Target BeforeTargets="_CheckForTransitiveWindowsDesktopDependencies" Name="_FixSdkError_NETSDK1136">
    <ItemGroup>
      <TransitiveFrameworkReference Remove="Microsoft.WindowsDesktop.App" />
      <TransitiveFrameworkReference Remove="Microsoft.WindowsDesktop.App.WPF" />
      <TransitiveFrameworkReference Remove="Microsoft.WindowsDesktop.App.WindowsForms" />
    </ItemGroup>
  </Target>
  <!--<Import Project="$(MSBuildExtensionsPath)\Xamarin\Android\Xamarin.Android.CSharp.targets" />-->
 </Project>
--- a/src/Android/MainApplication.cs
+++ b/src/Android/MainApplication.cs
@@ -22,9 +22,9 @@ using Bit.App.Pages;
 using Bit.App.Utilities.AccountManagement;
 using Bit.App.Controls;
 using Bit.Core.Enums;
-#if !FDROID
+//#if !FDROID
-using Android.Gms.Security;
+//using Android.Gms.Security;
-#endif
+//#endif
 namespace Bit.Droid
 {
@@ -37,7 +37,7 @@ namespace Bit.Droid
 #if FDROID
    public class MainApplication : Application
 #else
-    public class MainApplication : Application, ProviderInstaller.IProviderInstallListener
+    public class MainApplication : Application //, ProviderInstaller.IProviderInstallListener
 #endif
    {
        public MainApplication(IntPtr handle, JniHandleOwnership transer)
@@ -70,8 +70,7 @@ namespace Bit.Droid
                var verificationActionsFlowHelper = new VerificationActionsFlowHelper(
                    ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService"),
                    ServiceContainer.Resolve<IPasswordRepromptService>("passwordRepromptService"),
-                    ServiceContainer.Resolve<ICryptoService>("cryptoService"),
+                    ServiceContainer.Resolve<ICryptoService>("cryptoService"));
                    ServiceContainer.Resolve<IUserVerificationService>());
                ServiceContainer.Register<IVerificationActionsFlowHelper>("verificationActionsFlowHelper", verificationActionsFlowHelper);
                var accountsManager = new AccountsManager(
@@ -87,12 +86,12 @@ namespace Bit.Droid
                    ServiceContainer.Resolve<IConditionedAwaiterManager>());
                ServiceContainer.Register<IAccountsManager>("accountsManager", accountsManager);
            }
-#if !FDROID
+//#if !FDROID
-            if (Build.VERSION.SdkInt <= BuildVersionCodes.Kitkat)
+//            if (Build.VERSION.SdkInt <= BuildVersionCodes.Kitkat)
-            {
+//            {
-                ProviderInstaller.InstallIfNeededAsync(ApplicationContext, this);
+//                ProviderInstaller.InstallIfNeededAsync(ApplicationContext, this);
-            }
+//            }
-#endif
+//#endif
        }
        public override void OnCreate()
@@ -157,9 +156,9 @@ namespace Bit.Droid
                messagingService, broadcasterService);
            var autofillHandler = new AutofillHandler(stateService, messagingService, clipboardService,
                platformUtilsService, new LazyResolve<IEventService>());
            var biometricService = new BiometricService(stateService);
            var cryptoFunctionService = new PclCryptoFunctionService(cryptoPrimitiveService);
            var cryptoService = new CryptoService(stateService, cryptoFunctionService);
            var biometricService = new BiometricService(stateService, cryptoService);
            var passwordRepromptService = new MobilePasswordRepromptService(platformUtilsService, cryptoService);
            ServiceContainer.Register<ISynchronousStorageService>(preferencesStorage);
--- a/src/Android/Push/FirebaseMessagingService.cs
+++ b/src/Android/Push/FirebaseMessagingService.cs
@@ -1,60 +1,60 @@
-#if !FDROID
+//#if !FDROID
-using System;
+//using System;
-using Android.App;
+//using Android.App;
-using Bit.App.Abstractions;
+//using Bit.App.Abstractions;
-using Bit.Core.Abstractions;
+//using Bit.Core.Abstractions;
-using Bit.Core.Services;
+//using Bit.Core.Services;
-using Bit.Core.Utilities;
+//using Bit.Core.Utilities;
-using Firebase.Messaging;
+//using Firebase.Messaging;
-using Newtonsoft.Json;
+//using Newtonsoft.Json;
-using Newtonsoft.Json.Linq;
+//using Newtonsoft.Json.Linq;
-using Xamarin.Forms;
+//using Xamarin.Forms;
-namespace Bit.Droid.Push
+//namespace Bit.Droid.Push
-{
+//{
-    [Service(Exported=false)]
+//    [Service(Exported=false)]
-    [IntentFilter(new[] { "com.google.firebase.MESSAGING_EVENT" })]
+//    [IntentFilter(new[] { "com.google.firebase.MESSAGING_EVENT" })]
-    public class FirebaseMessagingService : Firebase.Messaging.FirebaseMessagingService
+//    public class FirebaseMessagingService : Firebase.Messaging.FirebaseMessagingService
-    {
+//    {
-        public async override void OnNewToken(string token)
+//        public async override void OnNewToken(string token)
-        {
+//        {
-            try { 
+//            try { 
-                var stateService = ServiceContainer.Resolve<IStateService>("stateService");
+//                var stateService = ServiceContainer.Resolve<IStateService>("stateService");
-                var pushNotificationService = ServiceContainer.Resolve<IPushNotificationService>("pushNotificationService");
+//                var pushNotificationService = ServiceContainer.Resolve<IPushNotificationService>("pushNotificationService");
-                await stateService.SetPushRegisteredTokenAsync(token);
+//                await stateService.SetPushRegisteredTokenAsync(token);
-                await pushNotificationService.RegisterAsync();
+//                await pushNotificationService.RegisterAsync();
-            }
+//            }
-            catch (Exception ex)
+//            catch (Exception ex)
-            {
+//            {
-                Logger.Instance.Exception(ex);
+//                Logger.Instance.Exception(ex);
-            }
+//            }
-        }
+//        }
-        public async override void OnMessageReceived(RemoteMessage message)
+//        public async override void OnMessageReceived(RemoteMessage message)
-        {
+//        {
-            try
+//            try
-            {
+//            {
-                if (message?.Data == null)
+//                if (message?.Data == null)
-                {
+//                {
-                    return;
+//                    return;
-                }
+//                }
-                var data = message.Data.ContainsKey("data") ? message.Data["data"] : null;
+//                var data = message.Data.ContainsKey("data") ? message.Data["data"] : null;
-                if (data == null)
+//                if (data == null)
-                {
+//                {
-                    return;
+//                    return;
-                }
+//                }
-                var obj = JObject.Parse(data);
+//                var obj = JObject.Parse(data);
-                var listener = ServiceContainer.Resolve<IPushNotificationListenerService>(
+//                var listener = ServiceContainer.Resolve<IPushNotificationListenerService>(
-                    "pushNotificationListenerService");
+//                    "pushNotificationListenerService");
-                await listener.OnMessageAsync(obj, Device.Android);
+//                await listener.OnMessageAsync(obj, Device.Android);
-            }
+//            }
-            catch (Exception ex)
+//            catch (Exception ex)
-            {
+//            {
-                Logger.Instance.Exception(ex);
+//                Logger.Instance.Exception(ex);
-            }
+//            }
-        }
+//        }
-    }
+//    }
-}
+//}
-#endif
+//#endif
--- a/src/Android/Resources/values/attrs.xml
+++ b/src/Android/Resources/values/attrs.xml
@@ -0,0 +1,5 @@
 <resources>
 <declare-styleable name='SKCanvasView'>
 	<attr name='ignorePixelScaling' format='boolean'/>
 </declare-styleable>
 </resources>
--- a/src/Android/Services/BiometricService.cs
+++ b/src/Android/Services/BiometricService.cs
@@ -2,7 +2,6 @@
 using System.Threading.Tasks;
 using Android.OS;
 using Android.Security.Keystore;
 using Bit.App.Services;
 using Bit.Core.Abstractions;
 using Bit.Core.Services;
 using Java.Security;
@@ -10,8 +9,10 @@ using Javax.Crypto;
 namespace Bit.Droid.Services
 {
-    public class BiometricService : BaseBiometricService
+    public class BiometricService : IBiometricService
    {
        private readonly IStateService _stateService;
        private const string KeyName = "com.8bit.bitwarden.biometric_integrity";
        private const string KeyStoreName = "AndroidKeyStore";
@@ -23,14 +24,14 @@ namespace Bit.Droid.Services
        private readonly KeyStore _keystore;
-        public BiometricService(IStateService stateService, ICryptoService cryptoService)
+        public BiometricService(IStateService stateService)
            : base(stateService, cryptoService)
        {
            _stateService = stateService;
            _keystore = KeyStore.GetInstance(KeyStoreName);
            _keystore.Load(null);
        }
-        public override async Task<bool> SetupBiometricAsync(string bioIntegritySrcKey = null)
+        public async Task<bool> SetupBiometricAsync(string bioIntegritySrcKey = null)
        {
            if (Build.VERSION.SdkInt >= BuildVersionCodes.M)
            {
@@ -40,7 +41,7 @@ namespace Bit.Droid.Services
            return true;
        }
-        public override async Task<bool> IsSystemBiometricIntegrityValidAsync(string bioIntegritySrcKey = null)
+        public async Task<bool> IsSystemBiometricIntegrityValidAsync(string bioIntegritySrcKey = null)
        {
            if (Build.VERSION.SdkInt < BuildVersionCodes.M)
            {
--- a/src/App/Abstractions/IPasswordRepromptService.cs
+++ b/src/App/Abstractions/IPasswordRepromptService.cs
@@ -9,5 +9,7 @@ namespace Bit.App.Abstractions
        Task<bool> ShowPasswordPromptAsync();
        Task<(string password, bool valid)> ShowPasswordPromptAndGetItAsync();
        Task<bool> Enabled();
    }
 }
--- a/src/App/Pages/Accounts/HomePageViewModel.cs
+++ b/src/App/Pages/Accounts/HomePageViewModel.cs
@@ -7,17 +7,17 @@ using Bit.App.Utilities;
 using Bit.Core;
 using Bit.Core.Abstractions;
 using Bit.Core.Models.Data;
 using Bit.Core.Models.Response;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Xamarin.CommunityToolkit.ObjectModel;
 using Xamarin.Essentials;
 using Xamarin.Forms;
 namespace Bit.App.Pages
 {
    public class HomeViewModel : BaseViewModel
    {
        private const string LOGGING_IN_ON_US = "bitwarden.com";
        private const string LOGGING_IN_ON_EU = "bitwarden.eu";
        private readonly IStateService _stateService;
        private readonly IMessagingService _messagingService;
        private readonly IPlatformUtilsService _platformUtilsService;
@@ -30,6 +30,8 @@ namespace Bit.App.Pages
        private bool _rememberEmail;
        private string _email;
        private string _selectedEnvironmentName;
        private bool _isEmailEnabled;
        private bool _canLogin;
        private bool _displayEuEnvironment;
        public HomeViewModel()
@@ -84,7 +86,7 @@ namespace Bit.App.Pages
            set => SetProperty(ref _selectedEnvironmentName, value);
        }
-        public string RegionText => $"{AppResources.LoggingInOn}:";
+        public string RegionText => $"{AppResources.Region}:";
        public bool CanContinue => !string.IsNullOrEmpty(Email);
        public FormattedString CreateAccountText
@@ -165,12 +167,12 @@ namespace Bit.App.Pages
        {
            _displayEuEnvironment = await _configService.GetFeatureFlagBoolAsync(Constants.DisplayEuEnvironmentFlag);
            var options = _displayEuEnvironment
-                    ? new string[] { LOGGING_IN_ON_US, LOGGING_IN_ON_EU, AppResources.SelfHosted }
+                    ? new string[] { AppResources.US, AppResources.EU, AppResources.SelfHosted }
-                    : new string[] { LOGGING_IN_ON_US, AppResources.SelfHosted };
+                    : new string[] { AppResources.US, AppResources.SelfHosted };
            await Device.InvokeOnMainThreadAsync(async () =>
            {
-                var result = await Page.DisplayActionSheet(AppResources.LoggingInOn, AppResources.Cancel, null, options);
+                var result = await Page.DisplayActionSheet(AppResources.DataRegion, AppResources.Cancel, null, options);
                if (result is null || result == AppResources.Cancel)
                {
@@ -183,7 +185,7 @@ namespace Bit.App.Pages
                    return;
                }
-                await _environmentService.SetUrlsAsync(result == LOGGING_IN_ON_EU ? EnvironmentUrlData.DefaultEU : EnvironmentUrlData.DefaultUS);
+                await _environmentService.SetUrlsAsync(result == AppResources.EU ? EnvironmentUrlData.DefaultEU : EnvironmentUrlData.DefaultUS);
                await _configService.GetAsync(true);
                SelectedEnvironmentName = result;
            });
@@ -196,17 +198,17 @@ namespace Bit.App.Pages
            {
                await _environmentService.SetUrlsAsync(EnvironmentUrlData.DefaultUS);
                environmentsSaved = EnvironmentUrlData.DefaultUS;
-                SelectedEnvironmentName = LOGGING_IN_ON_US;
+                SelectedEnvironmentName = AppResources.US;
                return;
            }
            if (environmentsSaved.Base == EnvironmentUrlData.DefaultUS.Base)
            {
-                SelectedEnvironmentName = LOGGING_IN_ON_US;
+                SelectedEnvironmentName = AppResources.US;
            }
            else if (environmentsSaved.Base == EnvironmentUrlData.DefaultEU.Base)
            {
-                SelectedEnvironmentName = LOGGING_IN_ON_EU;
+                SelectedEnvironmentName = AppResources.EU;
            }
            else
            {
--- a/src/App/Pages/Accounts/LockPage.xaml
+++ b/src/App/Pages/Accounts/LockPage.xaml
@@ -46,7 +46,7 @@
                    <StackLayout StyleClass="box">
                        <Grid
                            StyleClass="box-row"
-                            IsVisible="{Binding PinEnabled}"
+                            IsVisible="{Binding PinLock}"
                            Padding="0, 10, 0, 0">
                            <Grid.RowDefinitions>
                                <RowDefinition Height="Auto" />
@@ -89,7 +89,7 @@
                        <Grid
                            x:Name="_passwordGrid"
                            StyleClass="box-row"
-                            IsVisible="{Binding PinEnabled, Converter={StaticResource inverseBool}}"
+                            IsVisible="{Binding PinLock, Converter={StaticResource inverseBool}}"
                            Padding="0, 10, 0, 0">
                            <Grid.RowDefinitions>
                                <RowDefinition Height="Auto" />
--- a/src/App/Pages/Accounts/LockPage.xaml.cs
+++ b/src/App/Pages/Accounts/LockPage.xaml.cs
@@ -20,14 +20,13 @@ namespace Bit.App.Pages
        private bool _promptedAfterResume;
        private bool _appeared;
-        public LockPage(AppOptions appOptions = null, bool autoPromptBiometric = true, bool checkPendingAuthRequests = true)
+        public LockPage(AppOptions appOptions = null, bool autoPromptBiometric = true)
        {
            _appOptions = appOptions;
            _autoPromptBiometric = autoPromptBiometric;
            InitializeComponent();
            _broadcasterService = ServiceContainer.Resolve<IBroadcasterService>();
            _vm = BindingContext as LockPageViewModel;
            _vm.CheckPendingAuthRequests = checkPendingAuthRequests;
            _vm.Page = this;
            _vm.UnlockedAction = () => Device.BeginInvokeOnMainThread(async () => await UnlockedAsync());
@@ -45,7 +44,7 @@ namespace Bit.App.Pages
        {
            get
            {
-                if (_vm?.PinEnabled ?? false)
+                if (_vm?.PinLock ?? false)
                {
                    return _pin;
                }
@@ -55,7 +54,7 @@ namespace Bit.App.Pages
        public async Task PromptBiometricAfterResumeAsync()
        {
-            if (_vm.BiometricEnabled)
+            if (_vm.BiometricLock)
            {
                await Task.Delay(500);
                if (!_promptedAfterResume)
@@ -92,13 +91,13 @@ namespace Bit.App.Pages
            _vm.FocusSecretEntry += PerformFocusSecretEntry;
-            if (!_vm.BiometricEnabled)
+            if (!_vm.BiometricLock)
            {
                RequestFocus(SecretEntry);
            }
            else
            {
-                if (!_vm.HasMasterPassword && !_vm.PinEnabled)
+                if (_vm.UsingKeyConnector && !_vm.PinLock)
                {
                    _passwordGrid.IsVisible = false;
                    _unlockButton.IsVisible = false;
--- a/src/App/Pages/Accounts/LockPageViewModel.cs
+++ b/src/App/Pages/Accounts/LockPageViewModel.cs
@@ -27,27 +27,27 @@ namespace Bit.App.Pages
        private readonly IEnvironmentService _environmentService;
        private readonly IStateService _stateService;
        private readonly IBiometricService _biometricService;
-        private readonly IUserVerificationService _userVerificationService;
+        private readonly IKeyConnectorService _keyConnectorService;
        private readonly ILogger _logger;
        private readonly IWatchDeviceService _watchDeviceService;
        private readonly WeakEventManager<int?> _secretEntryFocusWeakEventManager = new WeakEventManager<int?>();
        private readonly IPolicyService _policyService;
        private readonly IPasswordGenerationService _passwordGenerationService;
-        private IDeviceTrustCryptoService _deviceTrustCryptoService;
+
        private readonly ISyncService _syncService;
        private string _email;
        private string _masterPassword;
        private string _pin;
        private bool _showPassword;
-        private PinLockType _pinStatus;
+        private bool _pinLock;
-        private bool _pinEnabled;
+        private bool _biometricLock;
        private bool _biometricEnabled;
        private bool _biometricIntegrityValid = true;
        private bool _biometricButtonVisible;
-        private bool _hasMasterPassword;
+        private bool _usingKeyConnector;
        private string _biometricButtonText;
        private string _loggedInAsText;
        private string _lockedVerifyText;
        private bool _isPinProtected;
        private bool _isPinProtectedWithKey;
        public LockPageViewModel()
        {
@@ -60,13 +60,11 @@ namespace Bit.App.Pages
            _environmentService = ServiceContainer.Resolve<IEnvironmentService>("environmentService");
            _stateService = ServiceContainer.Resolve<IStateService>("stateService");
            _biometricService = ServiceContainer.Resolve<IBiometricService>("biometricService");
-            _userVerificationService = ServiceContainer.Resolve<IUserVerificationService>();
+            _keyConnectorService = ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService");
            _logger = ServiceContainer.Resolve<ILogger>("logger");
            _watchDeviceService = ServiceContainer.Resolve<IWatchDeviceService>();
            _policyService = ServiceContainer.Resolve<IPolicyService>();
            _passwordGenerationService = ServiceContainer.Resolve<IPasswordGenerationService>();
            _deviceTrustCryptoService = ServiceContainer.Resolve<IDeviceTrustCryptoService>();
            _syncService = ServiceContainer.Resolve<ISyncService>();
            PageTitle = AppResources.VerifyMasterPassword;
            TogglePasswordCommand = new Command(TogglePassword);
@@ -102,21 +100,21 @@ namespace Bit.App.Pages
                });
        }
-        public bool PinEnabled
+        public bool PinLock
        {
-            get => _pinEnabled;
+            get => _pinLock;
-            set => SetProperty(ref _pinEnabled, value);
+            set => SetProperty(ref _pinLock, value);
        }
-        public bool HasMasterPassword
+        public bool UsingKeyConnector
        {
-            get => _hasMasterPassword;
+            get => _usingKeyConnector;
        }
-        public bool BiometricEnabled
+        public bool BiometricLock
        {
-            get => _biometricEnabled;
+            get => _biometricLock;
-            set => SetProperty(ref _biometricEnabled, value);
+            set => SetProperty(ref _biometricLock, value);
        }
        public bool BiometricIntegrityValid
@@ -149,8 +147,6 @@ namespace Bit.App.Pages
            set => SetProperty(ref _lockedVerifyText, value);
        }
        public bool CheckPendingAuthRequests { get; set; }
        public AccountSwitchingOverlayViewModel AccountSwitchingOverlayViewModel { get; }
        public Command SubmitCommand { get; }
@@ -166,32 +162,18 @@ namespace Bit.App.Pages
        public async Task InitAsync()
        {
-            var pendingRequest = await _stateService.GetPendingAdminAuthRequestAsync();
+            (_isPinProtected, _isPinProtectedWithKey) = await _vaultTimeoutService.IsPinLockSetAsync();
-            if (pendingRequest != null && CheckPendingAuthRequests)
+            PinLock = (_isPinProtected && await _stateService.GetPinProtectedKeyAsync() != null) ||
                      _isPinProtectedWithKey;
            BiometricLock = await _vaultTimeoutService.IsBiometricLockSetAsync() && await _cryptoService.HasKeyAsync();
            // Users with key connector and without biometric or pin has no MP to unlock with
            _usingKeyConnector = await _keyConnectorService.GetUsesKeyConnector();
            if (_usingKeyConnector && !(BiometricLock || PinLock))
            {
                await _vaultTimeoutService.LogOutAsync();
                return;
            }
            _pinStatus = await _vaultTimeoutService.GetPinLockTypeAsync();
            var ephemeralPinSet = await _stateService.GetPinKeyEncryptedUserKeyEphemeralAsync()
                ?? await _stateService.GetPinProtectedKeyAsync();
            PinEnabled = (_pinStatus == PinLockType.Transient && ephemeralPinSet != null) ||
                      _pinStatus == PinLockType.Persistent;
            BiometricEnabled = await _vaultTimeoutService.IsBiometricLockSetAsync() && await _biometricService.CanUseBiometricsUnlockAsync();
            // Users without MP and without biometric or pin has no MP to unlock with
            _hasMasterPassword = await _userVerificationService.HasMasterPasswordAsync();
            if (await _stateService.IsAuthenticatedAsync()
                 && !_hasMasterPassword
                 && !BiometricEnabled
                 && !PinEnabled)
            {
                await _vaultTimeoutService.LogOutAsync();
                return;
            }
            _email = await _stateService.GetEmailAsync();
            if (string.IsNullOrWhiteSpace(_email))
            {
@@ -206,18 +188,26 @@ namespace Bit.App.Pages
            }
            var webVaultHostname = CoreHelpers.GetHostname(webVault);
            LoggedInAsText = string.Format(AppResources.LoggedInAsOn, _email, webVaultHostname);
-            if (PinEnabled)
+            if (PinLock)
            {
                PageTitle = AppResources.VerifyPIN;
                LockedVerifyText = AppResources.VaultLockedPIN;
            }
            else
            {
-                PageTitle = _hasMasterPassword ? AppResources.VerifyMasterPassword : AppResources.UnlockVault;
+                if (_usingKeyConnector)
-                LockedVerifyText = _hasMasterPassword ? AppResources.VaultLockedMasterPassword : AppResources.VaultLockedIdentity;
+                {
                    PageTitle = AppResources.UnlockVault;
                    LockedVerifyText = AppResources.VaultLockedIdentity;
                }
                else
                {
                    PageTitle = AppResources.VerifyMasterPassword;
                    LockedVerifyText = AppResources.VaultLockedMasterPassword;
                }
            }
-            if (BiometricEnabled)
+            if (BiometricLock)
            {
                BiometricIntegrityValid = await _platformUtilsService.IsBiometricIntegrityValidAsync();
                if (!_biometricIntegrityValid)
@@ -239,14 +229,14 @@ namespace Bit.App.Pages
        public async Task SubmitAsync()
        {
-            if (PinEnabled && string.IsNullOrWhiteSpace(Pin))
+            if (PinLock && string.IsNullOrWhiteSpace(Pin))
            {
                await Page.DisplayAlert(AppResources.AnErrorHasOccurred,
                    string.Format(AppResources.ValidationFieldRequired, AppResources.PIN),
                    AppResources.Ok);
                return;
            }
-            if (!PinEnabled && string.IsNullOrWhiteSpace(MasterPassword))
+            if (!PinLock && string.IsNullOrWhiteSpace(MasterPassword))
            {
                await Page.DisplayAlert(AppResources.AnErrorHasOccurred,
                    string.Format(AppResources.ValidationFieldRequired, AppResources.MasterPassword),
@@ -257,54 +247,34 @@ namespace Bit.App.Pages
            ShowPassword = false;
            var kdfConfig = await _stateService.GetActiveUserCustomDataAsync(a => new KdfConfig(a?.Profile));
-            if (PinEnabled)
+            if (PinLock)
            {
                var failed = true;
                try
                {
-                    EncString userKeyPin = null;
+                    if (_isPinProtected)
                    EncString oldPinProtected = null;
                    if (_pinStatus == PinLockType.Persistent)
                    {
-                        userKeyPin = await _stateService.GetPinKeyEncryptedUserKeyAsync();
+                        var key = await _cryptoService.MakeKeyFromPinAsync(Pin, _email,
                        var oldEncryptedKey = await _stateService.GetPinProtectedAsync();
                        oldPinProtected = oldEncryptedKey != null ? new EncString(oldEncryptedKey) : null;
                    }
                    else if (_pinStatus == PinLockType.Transient)
                    {
                        userKeyPin = await _stateService.GetPinKeyEncryptedUserKeyEphemeralAsync();
                        oldPinProtected = await _stateService.GetPinProtectedKeyAsync();
                    }
                    UserKey userKey;
                    if (oldPinProtected != null)
                    {
                        userKey = await _cryptoService.DecryptAndMigrateOldPinKeyAsync(
                            _pinStatus == PinLockType.Transient,
                            Pin,
                            _email,
                            kdfConfig,
-                            oldPinProtected
+                            await _stateService.GetPinProtectedKeyAsync());
-                        );
+                        var encKey = await _cryptoService.GetEncKeyAsync(key);
                        var protectedPin = await _stateService.GetProtectedPinAsync();
                        var decPin = await _cryptoService.DecryptToUtf8Async(new EncString(protectedPin), encKey);
                        failed = decPin != Pin;
                        if (!failed)
                        {
                            Pin = string.Empty;
                            await AppHelpers.ResetInvalidUnlockAttemptsAsync();
                            await SetKeyAndContinueAsync(key);
                        }
                    }
                    else
                    {
-                        userKey = await _cryptoService.DecryptUserKeyWithPinAsync(
+                        var key = await _cryptoService.MakeKeyFromPinAsync(Pin, _email, kdfConfig);
-                            Pin,
+                        failed = false;
                            _email,
                            kdfConfig,
                            userKeyPin
                        );
                    }
                    var protectedPin = await _stateService.GetProtectedPinAsync();
                    var decryptedPin = await _cryptoService.DecryptToUtf8Async(new EncString(protectedPin), userKey);
                    failed = decryptedPin != Pin;
                    if (!failed)
                    {
                        Pin = string.Empty;
                        await AppHelpers.ResetInvalidUnlockAttemptsAsync();
-                        await SetUserKeyAndContinueAsync(userKey);
+                        await SetKeyAndContinueAsync(key);
                    }
                }
                catch
@@ -325,21 +295,19 @@ namespace Bit.App.Pages
            }
            else
            {
-                var masterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, _email, kdfConfig);
+                var key = await _cryptoService.MakeKeyAsync(MasterPassword, _email, kdfConfig);
-                var storedKeyHash = await _cryptoService.GetMasterKeyHashAsync();
+                var storedKeyHash = await _cryptoService.GetKeyHashAsync();
                var passwordValid = false;
                MasterPasswordPolicyOptions enforcedMasterPasswordOptions = null;
                if (storedKeyHash != null)
                {
-                    // Offline unlock possible
+                    passwordValid = await _cryptoService.CompareAndUpdateKeyHashAsync(MasterPassword, key);
                    passwordValid = await _cryptoService.CompareAndUpdateKeyHashAsync(MasterPassword, masterKey);
                }
                else
                {
                    // Online unlock required
                    await _deviceActionService.ShowLoadingAsync(AppResources.Loading);
-                    var keyHash = await _cryptoService.HashMasterKeyAsync(MasterPassword, masterKey, HashPurpose.ServerAuthorization);
+                    var keyHash = await _cryptoService.HashPasswordAsync(MasterPassword, key, HashPurpose.ServerAuthorization);
                    var request = new PasswordVerificationRequest();
                    request.MasterPasswordHash = keyHash;
@@ -348,8 +316,8 @@ namespace Bit.App.Pages
                        var response = await _apiService.PostAccountVerifyPasswordAsync(request);
                        enforcedMasterPasswordOptions = response.MasterPasswordPolicy;
                        passwordValid = true;
-                        var localKeyHash = await _cryptoService.HashMasterKeyAsync(MasterPassword, masterKey, HashPurpose.LocalAuthorization);
+                        var localKeyHash = await _cryptoService.HashPasswordAsync(MasterPassword, key, HashPurpose.LocalAuthorization);
-                        await _cryptoService.SetMasterKeyHashAsync(localKeyHash);
+                        await _cryptoService.SetKeyHashAsync(localKeyHash);
                    }
                    catch (Exception e)
                    {
@@ -359,6 +327,15 @@ namespace Bit.App.Pages
                }
                if (passwordValid)
                {
                    if (_isPinProtected)
                    {
                        var protectedPin = await _stateService.GetProtectedPinAsync();
                        var encKey = await _cryptoService.GetEncKeyAsync(key);
                        var decPin = await _cryptoService.DecryptToUtf8Async(new EncString(protectedPin), encKey);
                        var pinKey = await _cryptoService.MakePinKeyAysnc(decPin, _email, kdfConfig);
                        await _stateService.SetPinProtectedKeyAsync(await _cryptoService.EncryptAsync(key.Key, pinKey));
                    }
                    if (await RequirePasswordChangeAsync(enforcedMasterPasswordOptions))
                    {
                        // Save the ForcePasswordResetReason to force a password reset after unlock
@@ -368,13 +345,10 @@ namespace Bit.App.Pages
                    MasterPassword = string.Empty;
                    await AppHelpers.ResetInvalidUnlockAttemptsAsync();
-
+                    await SetKeyAndContinueAsync(key);
                    var userKey = await _cryptoService.DecryptUserKeyWithMasterKeyAsync(masterKey);
                    await _cryptoService.SetMasterKeyAsync(masterKey);
                    await SetUserKeyAndContinueAsync(userKey);
                    // Re-enable biometrics
-                    if (BiometricEnabled & !BiometricIntegrityValid)
+                    if (BiometricLock & !BiometricIntegrityValid)
                    {
                        await _biometricService.SetupBiometricAsync();
                    }
@@ -451,7 +425,7 @@ namespace Bit.App.Pages
        public void TogglePassword()
        {
            ShowPassword = !ShowPassword;
-            var secret = PinEnabled ? Pin : MasterPassword;
+            var secret = PinLock ? Pin : MasterPassword;
            _secretEntryFocusWeakEventManager.RaiseEvent(string.IsNullOrEmpty(secret) ? 0 : secret.Length, nameof(FocusSecretEntry));
        }
@@ -459,35 +433,32 @@ namespace Bit.App.Pages
        {
            BiometricIntegrityValid = await _platformUtilsService.IsBiometricIntegrityValidAsync();
            BiometricButtonVisible = BiometricIntegrityValid;
-            if (!BiometricEnabled || !BiometricIntegrityValid)
+            if (!BiometricLock || !BiometricIntegrityValid)
            {
                return;
            }
            var success = await _platformUtilsService.AuthenticateBiometricAsync(null,
-                PinEnabled ? AppResources.PIN : AppResources.MasterPassword,
+                PinLock ? AppResources.PIN : AppResources.MasterPassword,
                () => _secretEntryFocusWeakEventManager.RaiseEvent((int?)null, nameof(FocusSecretEntry)));
            await _stateService.SetBiometricLockedAsync(!success);
            if (success)
            {
-                var userKey = await _cryptoService.GetBiometricUnlockKeyAsync();
+                await DoContinueAsync();
                await SetUserKeyAndContinueAsync(userKey);
            }
        }
-        private async Task SetUserKeyAndContinueAsync(UserKey key)
+        private async Task SetKeyAndContinueAsync(SymmetricCryptoKey key)
        {
-            var hasKey = await _cryptoService.HasUserKeyAsync();
+            var hasKey = await _cryptoService.HasKeyAsync();
            if (!hasKey)
            {
-                await _cryptoService.SetUserKeyAsync(key);
+                await _cryptoService.SetKeyAsync(key);
            }
            await _deviceTrustCryptoService.TrustDeviceIfNeededAsync();
            await DoContinueAsync();
        }
        private async Task DoContinueAsync()
        {
            _syncService.FullSyncAsync(false).FireAndForget();
            await _stateService.SetBiometricLockedAsync(false);
            _watchDeviceService.SyncDataToWatchAsync().FireAndForget();
            _messagingService.Send("unlocked");
--- a/src/App/Pages/Accounts/LoginApproveDevicePage.xaml
+++ b/src/App/Pages/Accounts/LoginApproveDevicePage.xaml
@@ -1,76 +0,0 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <pages:BaseContentPage 
    xmlns="http://xamarin.com/schemas/2014/forms"
    xmlns:x="http://schemas.microsoft.com/winfx/2009/xaml"
    x:Class="Bit.App.Pages.LoginApproveDevicePage"
    xmlns:pages="clr-namespace:Bit.App.Pages"
    xmlns:u="clr-namespace:Bit.App.Utilities"
    x:DataType="pages:LoginApproveDeviceViewModel"
    x:Name="_page"
    Title="{Binding PageTitle}">
    <ContentPage.BindingContext>
        <pages:LoginApproveDeviceViewModel />
    </ContentPage.BindingContext>
    <StackLayout Padding="10, 10">
        <StackLayout Padding="5, 10" Orientation="Horizontal">
            <StackLayout HorizontalOptions="FillAndExpand">
                <Label
                    StyleClass="text-md"
                    Text="{u:I18n RememberThisDevice}"/>
                <Label
                    StyleClass="box-sub-label"
                    Text="{u:I18n TurnOffUsingPublicDevice}"/>
            </StackLayout>
            <Switch
                Scale="0.8"
                IsToggled="{Binding RememberThisDevice}"
                VerticalOptions="Center"/>
        </StackLayout>
        <StackLayout Margin="0, 20, 0, 0">
            <Button
                x:Name="_continue"
                Text="{u:I18n Continue}" 
                StyleClass="btn-primary"
                Command="{Binding ContinueCommand}"
                IsVisible="{Binding IsNewUser}"/>
            <Button
                x:Name="_approveWithMyOtherDevice"
                Text="{u:I18n ApproveWithMyOtherDevice}" 
                StyleClass="btn-primary"
                Command="{Binding ApproveWithMyOtherDeviceCommand}"
                IsVisible="{Binding ApproveWithMyOtherDeviceEnabled}"/>
            <Button
                x:Name="_requestAdminApproval"
                Text="{u:I18n RequestAdminApproval}" 
                StyleClass="box-button-row"
                Command="{Binding RequestAdminApprovalCommand}"
                IsVisible="{Binding RequestAdminApprovalEnabled}"/>
            <Button
                x:Name="_approveWithMasterPassword"
                Text="{u:I18n ApproveWithMasterPassword}" 
                StyleClass="box-button-row"
                Command="{Binding ApproveWithMasterPasswordCommand}"
                IsVisible="{Binding ApproveWithMasterPasswordEnabled}"/>
            <Label
                Text="{Binding LoggingInAsText}"
                StyleClass="text-sm"
                Margin="0,40,0,0"
                AutomationId="LoggingInAsLabel"
                />
            <Label
                Text="{u:I18n NotYou}"
                StyleClass="text-md"
                HorizontalOptions="Start"
                TextColor="{DynamicResource HyperlinkColor}"
                AutomationId="NotYouLabel">
                <Label.GestureRecognizers>
                    <TapGestureRecognizer Command="{Binding LogoutCommand}" />
                </Label.GestureRecognizers>
            </Label>
        </StackLayout>
    </StackLayout>
 </pages:BaseContentPage>
--- a/src/App/Pages/Accounts/LoginApproveDevicePage.xaml.cs
+++ b/src/App/Pages/Accounts/LoginApproveDevicePage.xaml.cs
@@ -1,64 +0,0 @@
 using System;
 using System.Collections.Generic;
 using System.Threading.Tasks;
 using Bit.App.Models;
 using Bit.App.Utilities;
 using Bit.Core.Enums;
 using Bit.Core.Utilities;
 using Xamarin.Forms;
 namespace Bit.App.Pages
 {
    public partial class LoginApproveDevicePage : BaseContentPage
    {
        private readonly LoginApproveDeviceViewModel _vm;
        private readonly AppOptions _appOptions;
        public LoginApproveDevicePage(AppOptions appOptions = null)
        {
            InitializeComponent();
            _vm = BindingContext as LoginApproveDeviceViewModel;
            _vm.LogInWithMasterPasswordAction = () => StartLogInWithMasterPasswordAsync().FireAndForget();
            _vm.LogInWithDeviceAction = () => StartLoginWithDeviceAsync().FireAndForget();
            _vm.RequestAdminApprovalAction = () => RequestAdminApprovalAsync().FireAndForget();
            _vm.ContinueToVaultAction = () => ContinueToVaultAsync().FireAndForget();
            _vm.Page = this;
            _appOptions = appOptions;
        }
        protected override void OnAppearing()
        {
            _vm.InitAsync();
        }
        private async Task ContinueToVaultAsync()
        {
            if (AppHelpers.SetAlternateMainPage(_appOptions))
            {
                return;
            }
            var previousPage = await AppHelpers.ClearPreviousPage();
            Application.Current.MainPage = new TabsPage(_appOptions, previousPage);
        }
        private async Task StartLogInWithMasterPasswordAsync()
        {
            var page = new LockPage(_appOptions, checkPendingAuthRequests: false);
            await Navigation.PushModalAsync(new NavigationPage(page));
        }
        private async Task StartLoginWithDeviceAsync()
        {
            var page = new LoginPasswordlessRequestPage(_vm.Email, AuthRequestType.AuthenticateAndUnlock, _appOptions);
            await Navigation.PushModalAsync(new NavigationPage(page));
        }
        private async Task RequestAdminApprovalAsync()
        {
            var page = new LoginPasswordlessRequestPage(_vm.Email, AuthRequestType.AdminApproval, _appOptions);
            await Navigation.PushModalAsync(new NavigationPage(page));
        }
    }
 }
--- a/src/App/Pages/Accounts/LoginApproveDeviceViewModel.cs
+++ b/src/App/Pages/Accounts/LoginApproveDeviceViewModel.cs
@@ -1,150 +0,0 @@
 using System;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
 using System.Windows.Input;
 using Bit.App.Abstractions;
 using Bit.App.Resources;
 using Bit.App.Utilities.AccountManagement;
 using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Models.Domain;
 using Bit.Core.Models.Request;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Xamarin.CommunityToolkit.ObjectModel;
 using Xamarin.Essentials;
 using Xamarin.Forms;
 namespace Bit.App.Pages
 {
    public class LoginApproveDeviceViewModel : BaseViewModel
    {
        private bool _rememberThisDevice;
        private bool _approveWithMyOtherDeviceEnabled;
        private bool _requestAdminApprovalEnabled;
        private bool _approveWithMasterPasswordEnabled;
        private string _email;
        private readonly IStateService _stateService;
        private readonly IApiService _apiService;
        private IDeviceTrustCryptoService _deviceTrustCryptoService;
        private readonly IAuthService _authService;
        private readonly ISyncService _syncService;
        private readonly IMessagingService _messagingService;
        public ICommand ApproveWithMyOtherDeviceCommand { get; }
        public ICommand RequestAdminApprovalCommand { get; }
        public ICommand ApproveWithMasterPasswordCommand { get; }
        public ICommand ContinueCommand { get; }
        public ICommand LogoutCommand { get; }
        public Action LogInWithMasterPasswordAction { get; set; }
        public Action LogInWithDeviceAction { get; set; }
        public Action RequestAdminApprovalAction { get; set; }
        public Action ContinueToVaultAction { get; set; }
        public LoginApproveDeviceViewModel()
        {
            _stateService = ServiceContainer.Resolve<IStateService>();
            _apiService = ServiceContainer.Resolve<IApiService>();
            _deviceTrustCryptoService = ServiceContainer.Resolve<IDeviceTrustCryptoService>();
            _authService = ServiceContainer.Resolve<IAuthService>();
            _syncService = ServiceContainer.Resolve<ISyncService>();
            _messagingService = ServiceContainer.Resolve<IMessagingService>();
            PageTitle = AppResources.LogInInitiated;
            RememberThisDevice = true;
            ApproveWithMyOtherDeviceCommand = new AsyncCommand(() => SetDeviceTrustAndInvokeAsync(LogInWithDeviceAction),
                onException: ex => HandleException(ex),
                allowsMultipleExecutions: false);
            RequestAdminApprovalCommand = new AsyncCommand(() => SetDeviceTrustAndInvokeAsync(RequestAdminApprovalAction),
                onException: ex => HandleException(ex),
                allowsMultipleExecutions: false);
            ApproveWithMasterPasswordCommand = new AsyncCommand(() => SetDeviceTrustAndInvokeAsync(LogInWithMasterPasswordAction),
                onException: ex => HandleException(ex),
                allowsMultipleExecutions: false);
            ContinueCommand = new AsyncCommand(CreateNewSsoUserAsync,
                onException: ex => HandleException(ex),
                allowsMultipleExecutions: false);
            LogoutCommand = new Command(() => _messagingService.Send(AccountsManagerMessageCommands.LOGOUT));
        }
        public string LoggingInAsText => string.Format(AppResources.LoggingInAsX, Email);
        public bool RememberThisDevice
        {
            get => _rememberThisDevice;
            set => SetProperty(ref _rememberThisDevice, value);
        }
        public bool ApproveWithMyOtherDeviceEnabled
        {
            get => _approveWithMyOtherDeviceEnabled;
            set => SetProperty(ref _approveWithMyOtherDeviceEnabled, value);
        }
        public bool RequestAdminApprovalEnabled
        {
            get => _requestAdminApprovalEnabled;
            set => SetProperty(ref _requestAdminApprovalEnabled, value,
                additionalPropertyNames: new[] { nameof(IsNewUser) });
        }
        public bool ApproveWithMasterPasswordEnabled
        {
            get => _approveWithMasterPasswordEnabled;
            set => SetProperty(ref _approveWithMasterPasswordEnabled, value,
                additionalPropertyNames: new[] { nameof(IsNewUser) });
        }
        public bool IsNewUser => !RequestAdminApprovalEnabled && !ApproveWithMasterPasswordEnabled;
        public string Email
        {
            get => _email;
            set => SetProperty(ref _email, value, additionalPropertyNames:
                new string[] {
                    nameof(LoggingInAsText)
                });
        }
        public async Task InitAsync()
        {
            try
            {
                Email = await _stateService.GetActiveUserEmailAsync();
                var decryptOptions = await _stateService.GetAccountDecryptionOptions();
                RequestAdminApprovalEnabled = decryptOptions?.TrustedDeviceOption?.HasAdminApproval ?? false;
                ApproveWithMasterPasswordEnabled = decryptOptions?.HasMasterPassword ?? false;
                ApproveWithMyOtherDeviceEnabled = decryptOptions?.TrustedDeviceOption?.HasLoginApprovingDevice ?? false;
            }
            catch (Exception ex)
            {
                HandleException(ex);
            }
        }
        public async Task CreateNewSsoUserAsync()
        {
            await _authService.CreateNewSsoUserAsync(await _stateService.GetRememberedOrgIdentifierAsync());
            if (RememberThisDevice)
            {
                await _deviceTrustCryptoService.TrustDeviceAsync();
            }
            _syncService.FullSyncAsync(true).FireAndForget();
            await Device.InvokeOnMainThreadAsync(ContinueToVaultAction);
        }
        private async Task SetDeviceTrustAndInvokeAsync(Action action)
        {
            await _deviceTrustCryptoService.SetShouldTrustDeviceAsync(RememberThisDevice);
            await Device.InvokeOnMainThreadAsync(action);
        }
    }
 }
--- a/src/App/Pages/Accounts/LoginPage.xaml.cs
+++ b/src/App/Pages/Accounts/LoginPage.xaml.cs
@@ -4,7 +4,6 @@ using Bit.App.Models;
 using Bit.App.Utilities;
 using Bit.Core;
 using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Xamarin.CommunityToolkit.ObjectModel;
@@ -136,7 +135,7 @@ namespace Bit.App.Pages
        private async Task StartLoginWithDeviceAsync()
        {
-            var page = new LoginPasswordlessRequestPage(_vm.Email, AuthRequestType.AuthenticateAndUnlock, _appOptions);
+            var page = new LoginPasswordlessRequestPage(_vm.Email, _appOptions);
            await Navigation.PushModalAsync(new NavigationPage(page));
        }
--- a/src/App/Pages/Accounts/LoginPasswordlessRequestPage.xaml
+++ b/src/App/Pages/Accounts/LoginPasswordlessRequestPage.xaml
@@ -21,17 +21,17 @@
        <StackLayout
            Padding="7, 0, 7, 20">
            <Label
-                Text="{Binding Title}"
+                Text="{u:I18n LogInInitiated}"
                FontSize="Title"
                FontAttributes="Bold"
                Margin="0,14,0,21"
                AutomationId="LogInInitiatedLabel" />
            <Label
-                Text="{Binding SubTitle}"
+                Text="{u:I18n ANotificationHasBeenSentToYourDevice}"
                FontSize="Small"
                Margin="0,0,0,10"/>
            <Label
-                Text="{Binding Description}"
+                Text="{u:I18n PleaseMakeSureYourVaultIsUnlockedAndTheFingerprintPhraseMatchesOnTheOtherDevice}"
                FontSize="Small"
                Margin="0,0,0,24"/>
            <Label
@@ -40,39 +40,41 @@
                FontAttributes="Bold"/>
            <controls:MonoLabel
                FormattedText="{Binding FingerprintPhrase}"
-                FontSize="Small"
+                FontSize="Medium"
                TextColor="{DynamicResource FingerprintPhrase}"
                AutomationId="FingerprintPhraseValue" />
            <Label
                Text="{u:I18n ResendNotification}"
-                IsVisible="{Binding ResendNotificationVisible}"
+                StyleClass="text-md"
                StyleClass="text-sm"
                FontAttributes="Bold"
                HorizontalOptions="Start"
-                Margin="0,24,0,0"
+                Margin="0,40,0,0"
                TextColor="{DynamicResource HyperlinkColor}"
                AutomationId="ResendNotificationButton">
                <Label.GestureRecognizers>
                    <TapGestureRecognizer Command="{Binding CreatePasswordlessLoginCommand}" />
                </Label.GestureRecognizers>
            </Label>
-            <BoxView
+            <StackLayout
-                HeightRequest="1"
+                Orientation="Horizontal"
-                Margin="0,24,0,24"
+                Margin="0,30,0,0">
-                Color="{DynamicResource DisabledIconColor}" />
+                <Label
-            <Label
+                    Text="{u:I18n NeedAnotherOption}"
-                Text="{Binding OtherOptions}"
+                    FontSize="Small"
-                FontSize="Small"/>
+                    VerticalTextAlignment="End"/>
-            <Label
+                <Label
-                Text="{u:I18n ViewAllLoginOptions}"
+                    Text="{u:I18n ViewAllLoginOptions}"
-                StyleClass="text-sm"
+                    StyleClass="text-md"
-                FontAttributes="Bold"
+                    VerticalTextAlignment="End"
-                TextColor="{DynamicResource HyperlinkColor}"
+                    VerticalOptions="CenterAndExpand"
-                AutomationId="ViewAllLoginOptionsButton">
+                    Margin="5, 0"
-                <Label.GestureRecognizers>
+                    TextColor="{DynamicResource HyperlinkColor}"
-                    <TapGestureRecognizer Command="{Binding CloseCommand}" />
+                    AutomationId="ViewAllLoginOptionsButton">
-                </Label.GestureRecognizers>
+                    <Label.GestureRecognizers>
-            </Label>
+                        <TapGestureRecognizer Command="{Binding CloseCommand}" />
                    </Label.GestureRecognizers>
                </Label>
            </StackLayout>
        </StackLayout>
    </ScrollView>
 </pages:BaseContentPage>
--- a/src/App/Pages/Accounts/LoginPasswordlessRequestPage.xaml.cs
+++ b/src/App/Pages/Accounts/LoginPasswordlessRequestPage.xaml.cs
@@ -3,7 +3,6 @@ using System.Collections.Generic;
 using System.Threading.Tasks;
 using Bit.App.Models;
 using Bit.App.Utilities;
 using Bit.Core.Enums;
 using Xamarin.Forms;
 namespace Bit.App.Pages
@@ -13,14 +12,13 @@ namespace Bit.App.Pages
        private LoginPasswordlessRequestViewModel _vm;
        private readonly AppOptions _appOptions;
-        public LoginPasswordlessRequestPage(string email, AuthRequestType authRequestType, AppOptions appOptions = null)
+        public LoginPasswordlessRequestPage(string email, AppOptions appOptions = null)
        {
            InitializeComponent();
            _appOptions = appOptions;
            _vm = BindingContext as LoginPasswordlessRequestViewModel;
            _vm.Page = this;
            _vm.Email = email;
            _vm.AuthRequestType = authRequestType;
            _vm.StartTwoFactorAction = () => Device.BeginInvokeOnMainThread(async () => await StartTwoFactorAsync());
            _vm.LogInSuccessAction = () => Device.BeginInvokeOnMainThread(async () => await LogInSuccessAsync());
            _vm.UpdateTempPasswordAction = () => Device.BeginInvokeOnMainThread(async () => await UpdateTempPasswordAsync());
--- a/src/App/Pages/Accounts/LoginPasswordlessRequestViewModel.cs
+++ b/src/App/Pages/Accounts/LoginPasswordlessRequestViewModel.cs
@@ -1,7 +1,6 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Net.Http;
 using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
@@ -13,7 +12,6 @@ using Bit.Core;
 using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Models.Domain;
 using Bit.Core.Models.Response;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Xamarin.CommunityToolkit.ObjectModel;
@@ -34,9 +32,6 @@ namespace Bit.App.Pages
        private IPlatformUtilsService _platformUtilsService;
        private IEnvironmentService _environmentService;
        private ILogger _logger;
        private IDeviceTrustCryptoService _deviceTrustCryptoService;
        private readonly ICryptoFunctionService _cryptoFunctionService;
        private readonly ICryptoService _cryptoService;
        protected override II18nService i18nService => _i18nService;
        protected override IEnvironmentService environmentService => _environmentService;
@@ -49,7 +44,6 @@ namespace Bit.App.Pages
        private string _email;
        private string _requestId;
        private string _requestAccessCode;
        private AuthRequestType _authRequestType;
        // Item1 publicKey, Item2 privateKey
        private Tuple<byte[], byte[]> _requestKeyPair;
@@ -63,9 +57,8 @@ namespace Bit.App.Pages
            _i18nService = ServiceContainer.Resolve<II18nService>();
            _stateService = ServiceContainer.Resolve<IStateService>();
            _logger = ServiceContainer.Resolve<ILogger>();
-            _deviceTrustCryptoService = ServiceContainer.Resolve<IDeviceTrustCryptoService>();
+
-            _cryptoFunctionService = ServiceContainer.Resolve<ICryptoFunctionService>();
+            PageTitle = AppResources.LogInWithAnotherDevice;
            _cryptoService = ServiceContainer.Resolve<ICryptoService>();
            CreatePasswordlessLoginCommand = new AsyncCommand(CreatePasswordlessLoginAsync,
                onException: ex => HandleException(ex),
@@ -84,86 +77,6 @@ namespace Bit.App.Pages
        public ICommand CreatePasswordlessLoginCommand { get; }
        public ICommand CloseCommand { get; }
        public string HeaderTitle
        {
            get
            {
                switch (_authRequestType)
                {
                    case AuthRequestType.AuthenticateAndUnlock:
                        return AppResources.LogInWithDevice;
                    case AuthRequestType.AdminApproval:
                        return AppResources.LogInInitiated;
                    default:
                        return string.Empty;
                };
            }
        }
        public string Title
        {
            get
            {
                switch (_authRequestType)
                {
                    case AuthRequestType.AuthenticateAndUnlock:
                        return AppResources.LogInInitiated;
                    case AuthRequestType.AdminApproval:
                        return AppResources.AdminApprovalRequested;
                    default:
                        return string.Empty;
                };
            }
        }
        public string SubTitle
        {
            get
            {
                switch (_authRequestType)
                {
                    case AuthRequestType.AuthenticateAndUnlock:
                        return AppResources.ANotificationHasBeenSentToYourDevice;
                    case AuthRequestType.AdminApproval:
                        return AppResources.YourRequestHasBeenSentToYourAdmin;
                    default:
                        return string.Empty;
                };
            }
        }
        public string Description
        {
            get
            {
                switch (_authRequestType)
                {
                    case AuthRequestType.AuthenticateAndUnlock:
                        return AppResources.PleaseMakeSureYourVaultIsUnlockedAndTheFingerprintPhraseMatchesOnTheOtherDevice;
                    case AuthRequestType.AdminApproval:
                        return AppResources.YouWillBeNotifiedOnceApproved;
                    default:
                        return string.Empty;
                };
            }
        }
        public string OtherOptions
        {
            get
            {
                switch (_authRequestType)
                {
                    case AuthRequestType.AuthenticateAndUnlock:
                        return AppResources.LogInWithDeviceMustBeSetUpInTheSettingsOfTheBitwardenAppNeedAnotherOption;
                    case AuthRequestType.AdminApproval:
                        return AppResources.TroubleLoggingIn;
                    default:
                        return string.Empty;
                };
            }
        }
        public string FingerprintPhrase
        {
            get => _fingerprintPhrase;
@@ -176,25 +89,6 @@ namespace Bit.App.Pages
            set => SetProperty(ref _email, value);
        }
        public AuthRequestType AuthRequestType
        {
            get => _authRequestType;
            set
            {
                SetProperty(ref _authRequestType, value, additionalPropertyNames: new string[]
                {
                    nameof(Title),
                    nameof(SubTitle),
                    nameof(Description),
                    nameof(OtherOptions),
                    nameof(ResendNotificationVisible)
                });
                PageTitle = HeaderTitle;
            }
        }
        public bool ResendNotificationVisible => AuthRequestType == AuthRequestType.AuthenticateAndUnlock;
        public void StartCheckLoginRequestStatus()
        {
            try
@@ -225,22 +119,14 @@ namespace Bit.App.Pages
        private async Task CheckLoginRequestStatus()
        {
-            if (string.IsNullOrEmpty(_requestId))
+            if (string.IsNullOrEmpty(_requestId) || string.IsNullOrEmpty(_requestAccessCode))
            {
                return;
            }
            try
            {
-                PasswordlessLoginResponse response = null;
+                var response = await _authService.GetPasswordlessLoginResponseAsync(_requestId, _requestAccessCode);
                if (await _stateService.IsAuthenticatedAsync())
                {
                    response = await _authService.GetPasswordlessLoginRequestByIdAsync(_requestId);
                }
                else
                {
                    response = await _authService.GetPasswordlessLoginResquestAsync(_requestId, _requestAccessCode);
                }
                if (response.RequestApproved == null || !response.RequestApproved.Value)
                {
@@ -252,12 +138,6 @@ namespace Bit.App.Pages
                var authResult = await _authService.LogInPasswordlessAsync(Email, _requestAccessCode, _requestId, _requestKeyPair.Item2, response.Key, response.MasterPasswordHash);
                await AppHelpers.ResetInvalidUnlockAttemptsAsync();
                if (authResult == null && await _stateService.IsAuthenticatedAsync())
                {
                    await HandleLoginCompleteAsync();
                    return;
                }
                if (await HandleCaptchaAsync(authResult.CaptchaSiteKey, authResult.CaptchaNeeded, CheckLoginRequestStatus))
                {
                    return;
@@ -273,7 +153,8 @@ namespace Bit.App.Pages
                }
                else
                {
-                    await HandleLoginCompleteAsync();
+                    _syncService.FullSyncAsync(true).FireAndForget();
                    LogInSuccessAction?.Invoke();
                }
            }
            catch (Exception ex)
@@ -283,67 +164,22 @@ namespace Bit.App.Pages
            }
        }
        private async Task HandleLoginCompleteAsync()
        {
            await _stateService.SetPendingAdminAuthRequestAsync(null);
            _syncService.FullSyncAsync(true).FireAndForget();
            LogInSuccessAction?.Invoke();
        }
        private async Task CreatePasswordlessLoginAsync()
        {
            await Device.InvokeOnMainThreadAsync(() => _deviceActionService.ShowLoadingAsync(AppResources.Loading));
-            PasswordlessLoginResponse response = null;
+            var response = await _authService.PasswordlessCreateLoginRequestAsync(_email);
-            var pendingRequest = await _stateService.GetPendingAdminAuthRequestAsync();
+            if (response != null)
            if (pendingRequest != null && _authRequestType == AuthRequestType.AdminApproval)
            {
-                response = await _authService.GetPasswordlessLoginRequestByIdAsync(pendingRequest.Id);
+                FingerprintPhrase = response.FingerprintPhrase;
-                if (response == null || (response.IsAnswered && !response.RequestApproved.Value))
+                _requestId = response.Id;
-                {
+                _requestAccessCode = response.RequestAccessCode;
-                    // handle pending auth request not valid remove it from state
+                _requestKeyPair = response.RequestKeyPair;
                    await _stateService.SetPendingAdminAuthRequestAsync(null);
                    pendingRequest = null;
                    response = null;
                }
                else
                {
                    // Derive pubKey from privKey in state to avoid MITM attacks
                    // Also generate FingerprintPhrase locally for the same reason
                    var derivedPublicKey = await _cryptoFunctionService.RsaExtractPublicKeyAsync(pendingRequest.PrivateKey);
                    response.FingerprintPhrase = string.Join("-", await _cryptoService.GetFingerprintAsync(Email, derivedPublicKey));
                    response.RequestKeyPair = new Tuple<byte[], byte[]>(derivedPublicKey, pendingRequest.PrivateKey);
                }
            }
            if (response == null)
            {
                response = await _authService.PasswordlessCreateLoginRequestAsync(_email, AuthRequestType);
            }
            await HandlePasswordlessLoginAsync(response, pendingRequest == null && _authRequestType == AuthRequestType.AdminApproval);
            await _deviceActionService.HideLoadingAsync();
        }
        private async Task HandlePasswordlessLoginAsync(PasswordlessLoginResponse response, bool createPendingAdminRequest)
        {
            if (response == null)
            {
                throw new ArgumentNullException(nameof(response));
            }
            if (createPendingAdminRequest)
            {
                var pendingAuthRequest = new PendingAdminAuthRequest { Id = response.Id, PrivateKey = response.RequestKeyPair.Item2 };
                await _stateService.SetPendingAdminAuthRequestAsync(pendingAuthRequest);
            }
            FingerprintPhrase = response.FingerprintPhrase;
            _requestId = response.Id;
            _requestAccessCode = response.RequestAccessCode;
            _requestKeyPair = response.RequestKeyPair;
        }
        private void HandleException(Exception ex)
        {
            Xamarin.Essentials.MainThread.InvokeOnMainThreadAsync(async () =>
--- a/src/App/Pages/Accounts/LoginSsoPage.xaml.cs
+++ b/src/App/Pages/Accounts/LoginSsoPage.xaml.cs
@@ -29,8 +29,6 @@ namespace Bit.App.Pages
            _vm.SsoAuthSuccessAction = () => Device.BeginInvokeOnMainThread(async () => await SsoAuthSuccessAsync());
            _vm.UpdateTempPasswordAction =
                () => Device.BeginInvokeOnMainThread(async () => await UpdateTempPasswordAsync());
            _vm.StartDeviceApprovalOptionsAction =
                () => Device.BeginInvokeOnMainThread(async () => await StartDeviceApprovalOptionsAsync());
            _vm.CloseAction = async () =>
            {
                await Navigation.PopModalAsync();
@@ -108,17 +106,10 @@ namespace Bit.App.Pages
            await Navigation.PushModalAsync(new NavigationPage(page));
        }
        private async Task StartDeviceApprovalOptionsAsync()
        {
            var page = new LoginApproveDevicePage();
            await Navigation.PushModalAsync(new NavigationPage(page));
        }
        private async Task SsoAuthSuccessAsync()
        {
            RestoreAppOptionsFromCopy();
            await AppHelpers.ClearPreviousPage();
            if (await _vaultTimeoutService.IsLockedAsync())
            {
                Application.Current.MainPage = new NavigationPage(new LockPage(_appOptions));
--- a/src/App/Pages/Accounts/LoginSsoPageViewModel.cs
+++ b/src/App/Pages/Accounts/LoginSsoPageViewModel.cs
@@ -9,7 +9,6 @@ using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Domain;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Xamarin.CommunityToolkit.ObjectModel;
 using Xamarin.Essentials;
@@ -30,8 +29,6 @@ namespace Bit.App.Pages
        private readonly IStateService _stateService;
        private readonly ILogger _logger;
        private readonly IOrganizationService _organizationService;
        private readonly IDeviceTrustCryptoService _deviceTrustCryptoService;
        private readonly ICryptoService _cryptoService;
        private string _orgIdentifier;
@@ -48,8 +45,7 @@ namespace Bit.App.Pages
            _stateService = ServiceContainer.Resolve<IStateService>("stateService");
            _logger = ServiceContainer.Resolve<ILogger>("logger");
            _organizationService = ServiceContainer.Resolve<IOrganizationService>();
-            _deviceTrustCryptoService = ServiceContainer.Resolve<IDeviceTrustCryptoService>();
+
            _cryptoService = ServiceContainer.Resolve<ICryptoService>();
            PageTitle = AppResources.Bitwarden;
            LogInCommand = new AsyncCommand(LogInAsync, allowsMultipleExecutions: false);
@@ -65,7 +61,6 @@ namespace Bit.App.Pages
        public Action StartTwoFactorAction { get; set; }
        public Action StartSetPasswordAction { get; set; }
        public Action SsoAuthSuccessAction { get; set; }
        public Action StartDeviceApprovalOptionsAction { get; set; }
        public Action CloseAction { get; set; }
        public Action UpdateTempPasswordAction { get; set; }
@@ -149,6 +144,7 @@ namespace Bit.App.Pages
                authResult = await WebAuthenticator.AuthenticateAsync(new Uri(url),
                    new Uri(REDIRECT_URI));
                var code = GetResultCode(authResult, state);
                if (!string.IsNullOrEmpty(code))
                {
@@ -201,89 +197,28 @@ namespace Bit.App.Pages
            try
            {
                var response = await _authService.LogInSsoAsync(code, codeVerifier, REDIRECT_URI, orgId);
                var decryptOptions = await _stateService.GetAccountDecryptionOptions();
                await AppHelpers.ResetInvalidUnlockAttemptsAsync();
                await _stateService.SetRememberedOrgIdentifierAsync(OrgIdentifier);
                await _deviceActionService.HideLoadingAsync();
                if (response.TwoFactor)
                {
                    StartTwoFactorAction?.Invoke();
                    return;
                }
-
+                else if (response.ResetMasterPassword)
                if (decryptOptions?.TrustedDeviceOption != null)
                {
                    var pendingRequest = await _stateService.GetPendingAdminAuthRequestAsync();
                    // If user doesn't have a MP, but has reset password permission, they must set a MP
                    if (!decryptOptions.HasMasterPassword &&
                        decryptOptions.TrustedDeviceOption.HasManageResetPasswordPermission)
                    {
                        StartSetPasswordAction?.Invoke();
                    }
                    else if (response.ForcePasswordReset)
                    {
                        UpdateTempPasswordAction?.Invoke();
                    }
                    else if (await _deviceTrustCryptoService.IsDeviceTrustedAsync())
                    {
                        if (decryptOptions.TrustedDeviceOption.EncryptedPrivateKey == null && decryptOptions.TrustedDeviceOption.EncryptedUserKey == null)
                        {
                            await _deviceTrustCryptoService.RemoveTrustedDeviceAsync();
                            StartDeviceApprovalOptionsAction?.Invoke();
                        }
                        else
                        {
                            _syncService.FullSyncAsync(true).FireAndForget();
                            SsoAuthSuccessAction?.Invoke();
                        }
                    }
                    else if (pendingRequest != null)
                    {
                        var authRequest = await _authService.GetPasswordlessLoginRequestByIdAsync(pendingRequest.Id);
                        if (authRequest != null && authRequest.RequestApproved != null && authRequest.RequestApproved.Value)
                        {
                            var authResult = await _authService.LogInPasswordlessAsync(await _stateService.GetActiveUserEmailAsync(), authRequest.RequestAccessCode, pendingRequest.Id, pendingRequest.PrivateKey, authRequest.Key, authRequest.MasterPasswordHash);
                            if (authResult == null && await _stateService.IsAuthenticatedAsync())
                            {
                                await Xamarin.Essentials.MainThread.InvokeOnMainThreadAsync(
                                 () => _platformUtilsService.ShowToast("info", null, AppResources.LoginApproved));
                                await _stateService.SetPendingAdminAuthRequestAsync(null);
                                _syncService.FullSyncAsync(true).FireAndForget();
                                SsoAuthSuccessAction?.Invoke();
                            }
                        }
                        else
                        {
                            await _stateService.SetPendingAdminAuthRequestAsync(null);
                            StartDeviceApprovalOptionsAction?.Invoke();
                        }
                    }
                    else
                    {
                        StartDeviceApprovalOptionsAction?.Invoke();
                    }
                    return;
                }
                // In the standard, non TDE case, a user must set password if they don't
                // have one and they aren't using key connector.
                // Note: TDE & Key connector are mutually exclusive org config options.
                if (response.ResetMasterPassword || (decryptOptions?.RequireSetPassword ?? false))
                {
                    StartSetPasswordAction?.Invoke();
                    return;
                }
-
+                else if (response.ForcePasswordReset)
                if (response.ForcePasswordReset)
                {
                    UpdateTempPasswordAction?.Invoke();
                    return;
                }
-
+                else
-                _syncService.FullSyncAsync(true).FireAndForget();
+                {
-                SsoAuthSuccessAction?.Invoke();
+                    var task = Task.Run(async () => await _syncService.FullSyncAsync(true));
                    SsoAuthSuccessAction?.Invoke();
                }
            }
-            catch (Exception)
+            catch (Exception e)
            {
                await _deviceActionService.HideLoadingAsync();
                await _platformUtilsService.ShowDialogAsync(AppResources.LoginSsoError,
--- a/src/App/Pages/Accounts/RegisterPageViewModel.cs
+++ b/src/App/Pages/Accounts/RegisterPageViewModel.cs
@@ -177,25 +177,25 @@ namespace Bit.App.Pages
            Name = string.IsNullOrWhiteSpace(Name) ? null : Name;
            Email = Email.Trim().ToLower();
            var kdfConfig = new KdfConfig(KdfType.PBKDF2_SHA256, Constants.Pbkdf2Iterations, null, null);
-            var newMasterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, Email, kdfConfig);
+            var key = await _cryptoService.MakeKeyAsync(MasterPassword, Email, kdfConfig);
-            var (newUserKey, newProtectedUserKey) = await _cryptoService.EncryptUserKeyWithMasterKeyAsync(newMasterKey);
+            var encKey = await _cryptoService.MakeEncKeyAsync(key);
-            var hashedPassword = await _cryptoService.HashMasterKeyAsync(MasterPassword, newMasterKey);
+            var hashedPassword = await _cryptoService.HashPasswordAsync(MasterPassword, key);
-            var (newPublicKey, newProtectedPrivateKey) = await _cryptoService.MakeKeyPairAsync(newUserKey);
+            var keys = await _cryptoService.MakeKeyPairAsync(encKey.Item1);
            var request = new RegisterRequest
            {
                Email = Email,
                Name = Name,
                MasterPasswordHash = hashedPassword,
                MasterPasswordHint = Hint,
-                Key = newProtectedUserKey.EncryptedString,
+                Key = encKey.Item2.EncryptedString,
                Kdf = kdfConfig.Type,
                KdfIterations = kdfConfig.Iterations,
                KdfMemory = kdfConfig.Memory,
                KdfParallelism = kdfConfig.Parallelism,
                Keys = new KeysRequest
                {
-                    PublicKey = newPublicKey,
+                    PublicKey = keys.Item1,
-                    EncryptedPrivateKey = newProtectedPrivateKey.EncryptedString
+                    EncryptedPrivateKey = keys.Item2.EncryptedString
                },
                CaptchaResponse = _captchaToken,
            };
--- a/src/App/Pages/Accounts/RemoveMasterPasswordPageViewModel.cs
+++ b/src/App/Pages/Accounts/RemoveMasterPasswordPageViewModel.cs
@@ -30,14 +30,14 @@ namespace Bit.App.Pages
        public async Task Init()
        {
-            Organization = await _keyConnectorService.GetManagingOrganizationAsync();
+            Organization = await _keyConnectorService.GetManagingOrganization();
        }
        public async Task MigrateAccount()
        {
            await _deviceActionService.ShowLoadingAsync(AppResources.Loading);
-            await _keyConnectorService.MigrateUserAsync();
+            await _keyConnectorService.MigrateUser();
            await _syncService.FullSyncAsync(true);
            await _deviceActionService.HideLoadingAsync();
--- a/src/App/Pages/Accounts/SetPasswordPageViewModel.cs
+++ b/src/App/Pages/Accounts/SetPasswordPageViewModel.cs
@@ -165,17 +165,26 @@ namespace Bit.App.Pages
            var kdfConfig = new KdfConfig(KdfType.PBKDF2_SHA256, Constants.Pbkdf2Iterations, null, null);
            var email = await _stateService.GetEmailAsync();
-            var newMasterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, email, kdfConfig);
+            var key = await _cryptoService.MakeKeyAsync(MasterPassword, email, kdfConfig);
-            var masterPasswordHash = await _cryptoService.HashMasterKeyAsync(MasterPassword, newMasterKey, HashPurpose.ServerAuthorization);
+            var masterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, key, HashPurpose.ServerAuthorization);
-            var localMasterPasswordHash = await _cryptoService.HashMasterKeyAsync(MasterPassword, newMasterKey, HashPurpose.LocalAuthorization);
+            var localMasterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, key, HashPurpose.LocalAuthorization);
-            var (newUserKey, newProtectedUserKey) = await _cryptoService.EncryptUserKeyWithMasterKeyAsync(newMasterKey);
+            Tuple<SymmetricCryptoKey, EncString> encKey;
            var existingEncKey = await _cryptoService.GetEncKeyAsync();
            if (existingEncKey == null)
            {
                encKey = await _cryptoService.MakeEncKeyAsync(key);
            }
            else
            {
                encKey = await _cryptoService.RemakeEncKeyAsync(key);
            }
-            var (newPublicKey, newProtectedPrivateKey) = await _cryptoService.MakeKeyPairAsync(newUserKey);
+            var keys = await _cryptoService.MakeKeyPairAsync(encKey.Item1);
            var request = new SetPasswordRequest
            {
                MasterPasswordHash = masterPasswordHash,
-                Key = newProtectedUserKey.EncryptedString,
+                Key = encKey.Item2.EncryptedString,
                MasterPasswordHint = Hint,
                Kdf = kdfConfig.Type.GetValueOrDefault(KdfType.PBKDF2_SHA256),
                KdfIterations = kdfConfig.Iterations.GetValueOrDefault(Constants.Pbkdf2Iterations),
@@ -184,8 +193,8 @@ namespace Bit.App.Pages
                OrgIdentifier = OrgIdentifier,
                Keys = new KeysRequest
                {
-                    PublicKey = newPublicKey,
+                    PublicKey = keys.Item1,
-                    EncryptedPrivateKey = newProtectedPrivateKey.EncryptedString
+                    EncryptedPrivateKey = keys.Item2.EncryptedString
                }
            };
@@ -195,20 +204,19 @@ namespace Bit.App.Pages
                // Set Password and relevant information
                await _apiService.SetPasswordAsync(request);
                await _stateService.SetKdfConfigurationAsync(kdfConfig);
-                await _cryptoService.SetUserKeyAsync(newUserKey);
+                await _cryptoService.SetKeyAsync(key);
-                await _cryptoService.SetMasterKeyAsync(newMasterKey);
+                await _cryptoService.SetKeyHashAsync(localMasterPasswordHash);
-                await _cryptoService.SetMasterKeyHashAsync(localMasterPasswordHash);
+                await _cryptoService.SetEncKeyAsync(encKey.Item2.EncryptedString);
-                await _cryptoService.SetMasterKeyEncryptedUserKeyAsync(newProtectedUserKey.EncryptedString);
+                await _cryptoService.SetEncPrivateKeyAsync(keys.Item2.EncryptedString);
                await _cryptoService.SetUserPrivateKeyAsync(newProtectedPrivateKey.EncryptedString);
                if (ResetPasswordAutoEnroll)
                {
                    // Grab Organization Keys
                    var response = await _apiService.GetOrganizationKeysAsync(OrgId);
                    var publicKey = CoreHelpers.Base64UrlDecode(response.PublicKey);
-                    // Grab User Key and encrypt with Org Public Key
+                    // Grab user's Encryption Key and encrypt with Org Public Key
-                    var userKey = await _cryptoService.GetUserKeyAsync();
+                    var userEncKey = await _cryptoService.GetEncKeyAsync();
-                    var encryptedKey = await _cryptoService.RsaEncryptAsync(userKey.Key, publicKey);
+                    var encryptedKey = await _cryptoService.RsaEncryptAsync(userEncKey.Key, publicKey);
                    // Request
                    var resetRequest = new OrganizationUserResetPasswordEnrollmentRequest
                    {
--- a/src/App/Pages/Accounts/TwoFactorPage.xaml.cs
+++ b/src/App/Pages/Accounts/TwoFactorPage.xaml.cs
@@ -4,7 +4,6 @@ using Bit.App.Controls;
 using Bit.App.Models;
 using Bit.App.Utilities;
 using Bit.Core.Abstractions;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Xamarin.Forms;
@@ -25,23 +24,19 @@ namespace Bit.App.Pages
        {
            InitializeComponent();
            SetActivityIndicator();
            _authingWithSso = authingWithSso ?? false;
            _appOptions = appOptions;
            _orgIdentifier = orgIdentifier;
            _broadcasterService = ServiceContainer.Resolve<IBroadcasterService>("broadcasterService");
            _messagingService = ServiceContainer.Resolve<IMessagingService>("messagingService");
            _vm = BindingContext as TwoFactorPageViewModel;
            _vm.Page = this;
            _vm.AuthingWithSso = authingWithSso ?? false;
            _vm.StartSetPasswordAction = () =>
                Device.BeginInvokeOnMainThread(async () => await StartSetPasswordAsync());
            _vm.TwoFactorAuthSuccessAction = () =>
-                Device.BeginInvokeOnMainThread(async () => await TwoFactorAuthSuccessToMainAsync());
+                Device.BeginInvokeOnMainThread(async () => await TwoFactorAuthSuccessAsync());
            _vm.LockAction = () =>
                Device.BeginInvokeOnMainThread(TwoFactorAuthSuccessWithSSOLocked);
            _vm.UpdateTempPasswordAction =
                () => Device.BeginInvokeOnMainThread(async () => await UpdateTempPasswordAsync());
            _vm.StartDeviceApprovalOptionsAction =
                () => Device.BeginInvokeOnMainThread(async () => await StartDeviceApprovalOptionsAsync());
            _vm.CloseAction = async () => await Navigation.PopModalAsync();
            DuoWebView = _duoWebView;
            if (Device.RuntimePlatform == Device.Android)
@@ -185,25 +180,21 @@ namespace Bit.App.Pages
            await Navigation.PushModalAsync(new NavigationPage(page));
        }
-        private async Task StartDeviceApprovalOptionsAsync()
+        private async Task TwoFactorAuthSuccessAsync()
        {
-            var page = new LoginApproveDevicePage();
+            if (_authingWithSso)
            await Navigation.PushModalAsync(new NavigationPage(page));
        }
        private void TwoFactorAuthSuccessWithSSOLocked()
        {
            Application.Current.MainPage = new NavigationPage(new LockPage(_appOptions));
        }
        private async Task TwoFactorAuthSuccessToMainAsync()
        {
            if (AppHelpers.SetAlternateMainPage(_appOptions))
            {
-                return;
+                Application.Current.MainPage = new NavigationPage(new LockPage(_appOptions));
            }
            else
            {
                if (AppHelpers.SetAlternateMainPage(_appOptions))
                {
                    return;
                }
                var previousPage = await AppHelpers.ClearPreviousPage();
                Application.Current.MainPage = new TabsPage(_appOptions, previousPage);
            }
            var previousPage = await AppHelpers.ClearPreviousPage();
            Application.Current.MainPage = new TabsPage(_appOptions, previousPage);
        }
        private void Token_TextChanged(object sender, TextChangedEventArgs e)
--- a/src/App/Pages/Accounts/TwoFactorPageViewModel.cs
+++ b/src/App/Pages/Accounts/TwoFactorPageViewModel.cs
@@ -11,7 +11,6 @@ using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Request;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Newtonsoft.Json;
 using Xamarin.CommunityToolkit.ObjectModel;
@@ -33,9 +32,8 @@ namespace Bit.App.Pages
        private readonly IStateService _stateService;
        private readonly II18nService _i18nService;
        private readonly IAppIdService _appIdService;
        private readonly IVaultTimeoutService _vaultTimeoutService;
        private readonly ILogger _logger;
-        private readonly IDeviceTrustCryptoService _deviceTrustCryptoService;
+
        private TwoFactorProviderType? _selectedProviderType;
        private string _totpInstruction;
        private string _webVaultUrl = "https://vault.bitwarden.com";
@@ -56,9 +54,7 @@ namespace Bit.App.Pages
            _stateService = ServiceContainer.Resolve<IStateService>("stateService");
            _i18nService = ServiceContainer.Resolve<II18nService>("i18nService");
            _appIdService = ServiceContainer.Resolve<IAppIdService>("appIdService");
            _vaultTimeoutService = ServiceContainer.Resolve<IVaultTimeoutService>();
            _logger = ServiceContainer.Resolve<ILogger>();
            _deviceTrustCryptoService = ServiceContainer.Resolve<IDeviceTrustCryptoService>();
            PageTitle = AppResources.TwoStepLogin;
            SubmitCommand = new Command(async () => await SubmitAsync());
@@ -73,8 +69,6 @@ namespace Bit.App.Pages
        public bool Remember { get; set; }
        public bool AuthingWithSso { get; set; }
        public string Token { get; set; }
        public bool DuoMethod => SelectedProviderType == TwoFactorProviderType.Duo ||
@@ -124,8 +118,6 @@ namespace Bit.App.Pages
        public Command SubmitCommand { get; }
        public ICommand MoreCommand { get; }
        public Action TwoFactorAuthSuccessAction { get; set; }
        public Action LockAction { get; set; }
        public Action StartDeviceApprovalOptionsAction { get; set; }
        public Action StartSetPasswordAction { get; set; }
        public Action CloseAction { get; set; }
        public Action UpdateTempPasswordAction { get; set; }
@@ -323,7 +315,6 @@ namespace Bit.App.Pages
                var task = Task.Run(() => _syncService.FullSyncAsync(true));
                await _deviceActionService.HideLoadingAsync();
                var decryptOptions = await _stateService.GetAccountDecryptionOptions();
                _messagingService.Send("listenYubiKeyOTP", false);
                _broadcasterService.Unsubscribe(nameof(TwoFactorPage));
@@ -335,38 +326,9 @@ namespace Bit.App.Pages
                {
                    UpdateTempPasswordAction?.Invoke();
                }
                else if (decryptOptions?.TrustedDeviceOption != null)
                {
                    // If user doesn't have a MP, but has reset password permission, they must set a MP
                    if (!decryptOptions.HasMasterPassword &&
                        decryptOptions.TrustedDeviceOption.HasManageResetPasswordPermission)
                    {
                        StartSetPasswordAction?.Invoke();
                    }
                    else if (result.ForcePasswordReset)
                    {
                        UpdateTempPasswordAction?.Invoke();
                    }
                    else if (await _deviceTrustCryptoService.IsDeviceTrustedAsync())
                    {
                        if (decryptOptions.TrustedDeviceOption.EncryptedPrivateKey == null && decryptOptions.TrustedDeviceOption.EncryptedUserKey == null)
                        {
                            await _deviceTrustCryptoService.RemoveTrustedDeviceAsync();
                            StartDeviceApprovalOptionsAction?.Invoke();
                        }
                        else
                        {
                            await TwoFactorAuthSuccessAsync();
                        }
                    }
                    else
                    {
                        StartDeviceApprovalOptionsAction?.Invoke();
                    }
                }
                else
                {
-                    await TwoFactorAuthSuccessAsync();
+                    TwoFactorAuthSuccessAction?.Invoke();
                }
            }
            catch (ApiException e)
@@ -460,17 +422,5 @@ namespace Bit.App.Pages
                return false;
            }
        }
        public async Task TwoFactorAuthSuccessAsync()
        {
            if (AuthingWithSso && await _vaultTimeoutService.IsLockedAsync())
            {
                LockAction?.Invoke();
            }
            else
            {
                TwoFactorAuthSuccessAction?.Invoke();
            }
        }
    }
 }
--- a/src/App/Pages/Accounts/UpdateTempPasswordPageViewModel.cs
+++ b/src/App/Pages/Accounts/UpdateTempPasswordPageViewModel.cs
@@ -93,12 +93,12 @@ namespace Bit.App.Pages
            var kdfConfig = await _stateService.GetActiveUserCustomDataAsync(a => new KdfConfig(a?.Profile));
            var email = await _stateService.GetEmailAsync();
-            // Create new master key and hash new password
+            // Create new key and hash new password
-            var masterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, email, kdfConfig);
+            var key = await _cryptoService.MakeKeyAsync(MasterPassword, email, kdfConfig);
-            var masterPasswordHash = await _cryptoService.HashMasterKeyAsync(MasterPassword, masterKey);
+            var masterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, key);
-            // Encrypt user key with new master key
+            // Create new encKey for the User
-            var (userKey, newProtectedUserKey) = await _cryptoService.EncryptUserKeyWithMasterKeyAsync(masterKey);
+            var newEncKey = await _cryptoService.RemakeEncKeyAsync(key);
            // Initiate API action
            try
@@ -108,10 +108,10 @@ namespace Bit.App.Pages
                switch (_reason)
                {
                    case ForcePasswordResetReason.AdminForcePasswordReset:
-                        await UpdateTempPasswordAsync(masterPasswordHash, newProtectedUserKey.EncryptedString);
+                        await UpdateTempPasswordAsync(masterPasswordHash, newEncKey.Item2.EncryptedString);
                        break;
                    case ForcePasswordResetReason.WeakMasterPasswordOnLogin:
-                        await UpdatePasswordAsync(masterPasswordHash, newProtectedUserKey.EncryptedString);
+                        await UpdatePasswordAsync(masterPasswordHash, newEncKey.Item2.EncryptedString);
                        break;
                    default:
                        throw new ArgumentOutOfRangeException();
@@ -155,7 +155,7 @@ namespace Bit.App.Pages
        private async Task UpdatePasswordAsync(string newMasterPasswordHash, string newEncKey)
        {
-            var currentPasswordHash = await _cryptoService.HashMasterKeyAsync(CurrentMasterPassword, null);
+            var currentPasswordHash = await _cryptoService.HashPasswordAsync(CurrentMasterPassword, null);
            var request = new PasswordRequest
            {
--- a/src/App/Pages/Settings/BlockAutofillUrisPage.xaml
+++ b/src/App/Pages/Settings/BlockAutofillUrisPage.xaml
@@ -7,7 +7,6 @@
    xmlns:u="clr-namespace:Bit.App.Utilities"
    xmlns:core="clr-namespace:Bit.Core;assembly=BitwardenCore"
    x:DataType="pages:BlockAutofillUrisPageViewModel"
    NavigationPage.HasBackButton="False"
    Title="{u:I18n BlockAutoFill}">
    <ContentPage.BindingContext>
        <pages:BlockAutofillUrisPageViewModel />
--- a/src/App/Pages/Settings/ExportVaultPageViewModel.cs
+++ b/src/App/Pages/Settings/ExportVaultPageViewModel.cs
@@ -21,6 +21,7 @@ namespace Bit.App.Pages
        private readonly II18nService _i18nService;
        private readonly IExportService _exportService;
        private readonly IPolicyService _policyService;
        private readonly IKeyConnectorService _keyConnectorService;
        private readonly IUserVerificationService _userVerificationService;
        private readonly IApiService _apiService;
        private readonly ILogger _logger;
@@ -44,7 +45,8 @@ namespace Bit.App.Pages
            _i18nService = ServiceContainer.Resolve<II18nService>("i18nService");
            _exportService = ServiceContainer.Resolve<IExportService>("exportService");
            _policyService = ServiceContainer.Resolve<IPolicyService>("policyService");
-            _userVerificationService = ServiceContainer.Resolve<IUserVerificationService>();
+            _keyConnectorService = ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService");
            _userVerificationService = ServiceContainer.Resolve<IUserVerificationService>("userVerificationService");
            _apiService = ServiceContainer.Resolve<IApiService>("apiService");
            _logger = ServiceContainer.Resolve<ILogger>("logger");
@@ -65,7 +67,7 @@ namespace Bit.App.Pages
            _initialized = true;
            FileFormatSelectedIndex = FileFormatOptions.FindIndex(k => k.Key == "json");
            DisablePrivateVaultPolicyEnabled = await _policyService.PolicyAppliesToUser(PolicyType.DisablePersonalVaultExport);
-            UseOTPVerification = !await _userVerificationService.HasMasterPasswordAsync();
+            UseOTPVerification = await _keyConnectorService.GetUsesKeyConnector();
            if (UseOTPVerification)
            {
@@ -163,9 +165,9 @@ namespace Bit.App.Pages
                return;
            }
-            var verificationType = await _userVerificationService.HasMasterPasswordAsync()
+            var verificationType = await _keyConnectorService.GetUsesKeyConnector()
-                ? VerificationType.MasterPassword
+                ? VerificationType.OTP
-                : VerificationType.OTP;
+                : VerificationType.MasterPassword;
            if (!await _userVerificationService.VerifyUser(Secret, verificationType))
            {
                return;
--- a/src/App/Pages/Settings/SettingsPage/SettingsPageViewModel.cs
+++ b/src/App/Pages/Settings/SettingsPage/SettingsPageViewModel.cs
@@ -29,7 +29,7 @@ namespace Bit.App.Pages
        private readonly IBiometricService _biometricService;
        private readonly IPolicyService _policyService;
        private readonly ILocalizeService _localizeService;
-        private readonly IUserVerificationService _userVerificationService;
+        private readonly IKeyConnectorService _keyConnectorService;
        private readonly IClipboardService _clipboardService;
        private readonly ILogger _loggerService;
        private readonly IPushNotificationService _pushNotificationService;
@@ -48,7 +48,6 @@ namespace Bit.App.Pages
        private bool _reportLoggingEnabled;
        private bool _approvePasswordlessLoginRequests;
        private bool _shouldConnectToWatch;
        private bool _hasMasterPassword;
        private readonly static List<KeyValuePair<string, int?>> VaultTimeoutOptions =
            new List<KeyValuePair<string, int?>>
            {
@@ -89,7 +88,7 @@ namespace Bit.App.Pages
            _biometricService = ServiceContainer.Resolve<IBiometricService>("biometricService");
            _policyService = ServiceContainer.Resolve<IPolicyService>("policyService");
            _localizeService = ServiceContainer.Resolve<ILocalizeService>("localizeService");
-            _userVerificationService = ServiceContainer.Resolve<IUserVerificationService>();
+            _keyConnectorService = ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService");
            _clipboardService = ServiceContainer.Resolve<IClipboardService>("clipboardService");
            _loggerService = ServiceContainer.Resolve<ILogger>("logger");
            _pushNotificationService = ServiceContainer.Resolve<IPushNotificationService>();
@@ -101,17 +100,12 @@ namespace Bit.App.Pages
            ExecuteSettingItemCommand = new AsyncCommand<SettingsPageListItem>(item => item.ExecuteAsync(), onException: _loggerService.Exception, allowsMultipleExecutions: false);
        }
        private bool IsVaultTimeoutActionLockAllowed => _hasMasterPassword || _biometric || _pin;
        public ObservableRangeCollection<ISettingsPageListItem> GroupedItems { get; set; }
        public IAsyncCommand<SettingsPageListItem> ExecuteSettingItemCommand { get; }
        public async Task InitAsync()
        {
            var decryptionOptions = await _stateService.GetAccountDecryptionOptions();
            // set has true for backwards compatibility
            _hasMasterPassword = decryptionOptions?.HasMasterPassword ?? true;
            _supportsBiometric = await _platformUtilsService.SupportsBiometricAsync();
            var lastSync = await _syncService.GetLastSyncAsync();
            if (lastSync != null)
@@ -130,17 +124,8 @@ namespace Bit.App.Pages
            _vaultTimeoutDisplayValue = _vaultTimeoutOptions.FirstOrDefault(o => o.Value == _vaultTimeout).Key;
            _vaultTimeoutDisplayValue ??= _vaultTimeoutOptions.Where(o => o.Value == CustomVaultTimeoutValue).First().Key;
-
+            var action = await _vaultTimeoutService.GetVaultTimeoutAction() ?? VaultTimeoutAction.Lock;
-            var pinSet = await _vaultTimeoutService.GetPinLockTypeAsync();
+            _vaultTimeoutActionDisplayValue = _vaultTimeoutActionOptions.FirstOrDefault(o => o.Value == action).Key;
            _pin = pinSet != PinLockType.Disabled;
            _biometric = await _vaultTimeoutService.IsBiometricLockSetAsync();
            var timeoutAction = await _vaultTimeoutService.GetVaultTimeoutAction() ?? VaultTimeoutAction.Lock;
            if (!IsVaultTimeoutActionLockAllowed && timeoutAction == VaultTimeoutAction.Lock)
            {
                timeoutAction = VaultTimeoutAction.Logout;
                await _vaultTimeoutService.SetVaultTimeoutOptionsAsync(_vaultTimeout, VaultTimeoutAction.Logout);
            }
            _vaultTimeoutActionDisplayValue = _vaultTimeoutActionOptions.FirstOrDefault(o => o.Value == timeoutAction).Key;
            if (await _policyService.PolicyAppliesToUser(PolicyType.MaximumVaultTimeout))
            {
@@ -152,6 +137,10 @@ namespace Bit.App.Pages
                    (t.Value > 0 || t.Value == CustomVaultTimeoutValue) &&
                    t.Value != null).ToList();
            }
            var pinSet = await _vaultTimeoutService.IsPinLockSetAsync();
            _pin = pinSet.Item1 || pinSet.Item2;
            _biometric = await _vaultTimeoutService.IsBiometricLockSetAsync();
            _screenCaptureAllowed = await _stateService.GetScreenCaptureAllowedAsync();
            if (_vaultTimeoutDisplayValue == null)
@@ -159,7 +148,8 @@ namespace Bit.App.Pages
                _vaultTimeoutDisplayValue = AppResources.Custom;
            }
-            _showChangeMasterPassword = IncludeLinksWithSubscriptionInfo() && await _userVerificationService.HasMasterPasswordAsync();
+            _showChangeMasterPassword = IncludeLinksWithSubscriptionInfo() &&
                !await _keyConnectorService.GetUsesKeyConnector();
            _reportLoggingEnabled = await _loggerService.IsEnabled();
            _approvePasswordlessLoginRequests = await _stateService.GetApprovePasswordlessLoginsAsync();
            _shouldConnectToWatch = await _stateService.GetShouldConnectToWatchAsync();
@@ -333,7 +323,6 @@ namespace Bit.App.Pages
            }
            if (oldTimeout != newTimeout)
            {
                await _cryptoService.RefreshKeysAsync();
                await Device.InvokeOnMainThreadAsync(BuildList);
            }
        }
@@ -398,11 +387,8 @@ namespace Bit.App.Pages
                // do nothing if we have a policy set
                return;
            }
-
+            var options = _vaultTimeoutActionOptions.Select(o =>
-            var options = IsVaultTimeoutActionLockAllowed
+                o.Key == _vaultTimeoutActionDisplayValue ? $"✓ {o.Key}" : o.Key).ToArray();
                ? _vaultTimeoutActionOptions.Select(o => CreateSelectableOption(o.Key, _vaultTimeoutActionDisplayValue == o.Key)).ToArray()
                : _vaultTimeoutActionOptions.Where(o => o.Value == VaultTimeoutAction.Logout).Select(v => ToSelectedOption(v.Key)).ToArray();
            var selection = await Page.DisplayActionSheet(AppResources.VaultTimeoutAction,
                AppResources.Cancel, null, options);
            if (selection == null || selection == AppResources.Cancel)
@@ -442,7 +428,7 @@ namespace Bit.App.Pages
                if (!string.IsNullOrWhiteSpace(pin))
                {
                    var masterPassOnRestart = false;
-                    if (await _userVerificationService.HasMasterPasswordAsync())
+                    if (!await _keyConnectorService.GetUsesKeyConnector())
                    {
                        masterPassOnRestart = await _platformUtilsService.ShowDialogAsync(
                            AppResources.PINRequireMasterPasswordRestart, AppResources.UnlockWithPIN,
@@ -451,20 +437,19 @@ namespace Bit.App.Pages
                    var kdfConfig = await _stateService.GetActiveUserCustomDataAsync(a => new KdfConfig(a?.Profile));
                    var email = await _stateService.GetEmailAsync();
-                    var pinKey = await _cryptoService.MakePinKeyAsync(pin, email, kdfConfig);
+                    var pinKey = await _cryptoService.MakePinKeyAysnc(pin, email, kdfConfig);
-                    var userKey = await _cryptoService.GetUserKeyAsync();
+                    var key = await _cryptoService.GetKeyAsync();
-                    var protectedPinKey = await _cryptoService.EncryptAsync(userKey.Key, pinKey);
+                    var pinProtectedKey = await _cryptoService.EncryptAsync(key.Key, pinKey);
                    var encPin = await _cryptoService.EncryptAsync(pin);
                    await _stateService.SetProtectedPinAsync(encPin.EncryptedString);
                    if (masterPassOnRestart)
                    {
-                        await _stateService.SetPinKeyEncryptedUserKeyEphemeralAsync(protectedPinKey);
+                        var encPin = await _cryptoService.EncryptAsync(pin);
                        await _stateService.SetProtectedPinAsync(encPin.EncryptedString);
                        await _stateService.SetPinProtectedKeyAsync(pinProtectedKey);
                    }
                    else
                    {
-                        await _stateService.SetPinKeyEncryptedUserKeyAsync(protectedPinKey);
+                        await _stateService.SetPinProtectedAsync(pinProtectedKey.EncryptedString);
                    }
                }
                else
@@ -474,8 +459,8 @@ namespace Bit.App.Pages
            }
            if (!_pin)
            {
                await _cryptoService.ClearPinProtectedKeyAsync();
                await _vaultTimeoutService.ClearAsync();
                await UpdateVaultTimeoutActionIfNeededAsync();
            }
            BuildList();
        }
@@ -504,10 +489,9 @@ namespace Bit.App.Pages
            else
            {
                await _stateService.SetBiometricUnlockAsync(null);
                await UpdateVaultTimeoutActionIfNeededAsync();
            }
            await _stateService.SetBiometricLockedAsync(false);
-            await _cryptoService.RefreshKeysAsync();
+            await _cryptoService.ToggleKeyAsync();
            BuildList();
        }
@@ -851,11 +835,9 @@ namespace Bit.App.Pages
            return _vaultTimeoutOptions.FirstOrDefault(o => o.Key == key).Value;
        }
-        private string CreateSelectableOption(string option, bool selected) => selected ? ToSelectedOption(option) : option;
+        private string CreateSelectableOption(string option, bool selected) => selected ? $"✓ {option}" : option;
-        private bool CompareSelection(string selection, string compareTo) => selection == compareTo || selection == ToSelectedOption(compareTo);
+        private bool CompareSelection(string selection, string compareTo) => selection == compareTo || selection == $"✓ {compareTo}";
        private string ToSelectedOption(string option) => $"✓ {option}";
        public async Task SetScreenCaptureAllowedAsync()
        {
@@ -887,17 +869,5 @@ namespace Bit.App.Pages
            await _watchDeviceService.SetShouldConnectToWatchAsync(_shouldConnectToWatch);
            BuildList();
        }
        private async Task UpdateVaultTimeoutActionIfNeededAsync()
        {
            if (IsVaultTimeoutActionLockAllowed)
            {
                return;
            }
            _vaultTimeoutActionDisplayValue = _vaultTimeoutActionOptions.First(o => o.Value == VaultTimeoutAction.Logout).Key;
            await _vaultTimeoutService.SetVaultTimeoutOptionsAsync(_vaultTimeout, VaultTimeoutAction.Logout);
            _deviceActionService.Toast(AppResources.VaultTimeoutActionChangedToLogOut);
        }
    }
 }
--- a/src/App/Pages/TabsPage.cs
+++ b/src/App/Pages/TabsPage.cs
@@ -94,7 +94,7 @@ namespace Bit.App.Pages
                }
            });
            await UpdateVaultButtonTitleAsync();
-            if (await _keyConnectorService.UserNeedsMigrationAsync())
+            if (await _keyConnectorService.UserNeedsMigration())
            {
                _messagingService.Send("convertAccountToKeyConnector");
            }
--- a/src/App/Pages/Vault/AttachmentsPageViewModel.cs
+++ b/src/App/Pages/Vault/AttachmentsPageViewModel.cs
@@ -74,7 +74,7 @@ namespace Bit.App.Pages
            _cipherDomain = await _cipherService.GetAsync(CipherId);
            Cipher = await _cipherDomain.DecryptAsync();
            LoadAttachments();
-            _hasUpdatedKey = await _cryptoService.HasUserKeyAsync();
+            _hasUpdatedKey = await _cryptoService.HasEncKeyAsync();
            var canAccessPremium = await _stateService.CanAccessPremiumAsync();
            _canAccessAttachments = canAccessPremium || Cipher.OrganizationId != null;
            if (!_canAccessAttachments)
--- a/src/App/Pages/Vault/CipherAddEditPage.xaml.cs
+++ b/src/App/Pages/Vault/CipherAddEditPage.xaml.cs
@@ -21,7 +21,7 @@ namespace Bit.App.Pages
        private readonly IDeviceActionService _deviceActionService;
        private readonly IAutofillHandler _autofillHandler;
        private readonly IVaultTimeoutService _vaultTimeoutService;
-        private readonly IUserVerificationService _userVerificationService;
+        private readonly IKeyConnectorService _keyConnectorService;
        private CipherAddEditPageViewModel _vm;
        private bool _fromAutofill;
@@ -43,7 +43,7 @@ namespace Bit.App.Pages
            _deviceActionService = ServiceContainer.Resolve<IDeviceActionService>("deviceActionService");
            _autofillHandler = ServiceContainer.Resolve<IAutofillHandler>();
            _vaultTimeoutService = ServiceContainer.Resolve<IVaultTimeoutService>("vaultTimeoutService");
-            _userVerificationService = ServiceContainer.Resolve<IUserVerificationService>();
+            _keyConnectorService = ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService");
            _appOptions = appOptions;
            _fromAutofill = fromAutofill;
@@ -175,8 +175,8 @@ namespace Bit.App.Pages
                    RequestFocus(_nameEntry);
                }
            });
-
+            // Hide password reprompt option if using key connector
-            _passwordPrompt.IsVisible = await _userVerificationService.HasMasterPasswordAsync();
+            _passwordPrompt.IsVisible = !await _keyConnectorService.GetUsesKeyConnector();
        }
        protected override void OnDisappearing()
--- a/src/App/Resources/AppResources.Designer.cs
+++ b/src/App/Resources/AppResources.Designer.cs
@@ -418,15 +418,6 @@ namespace Bit.App.Resources {
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Admin approval requested.
        /// </summary>
        public static string AdminApprovalRequested {
            get {
                return ResourceManager.GetString("AdminApprovalRequested", resourceCulture);
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to All.
        /// </summary>
@@ -580,24 +571,6 @@ namespace Bit.App.Resources {
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Approve with master password.
        /// </summary>
        public static string ApproveWithMasterPassword {
            get {
                return ResourceManager.GetString("ApproveWithMasterPassword", resourceCulture);
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Approve with my other device.
        /// </summary>
        public static string ApproveWithMyOtherDevice {
            get {
                return ResourceManager.GetString("ApproveWithMyOtherDevice", resourceCulture);
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to April.
        /// </summary>
@@ -3721,15 +3694,6 @@ namespace Bit.App.Resources {
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Logged in!.
        /// </summary>
        public static string LoggedIn {
            get {
                return ResourceManager.GetString("LoggedIn", resourceCulture);
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Logged in as {0} on {1}..
        /// </summary>
@@ -3748,15 +3712,6 @@ namespace Bit.App.Resources {
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Logging in as {0}.
        /// </summary>
        public static string LoggingInAsX {
            get {
                return ResourceManager.GetString("LoggingInAsX", resourceCulture);
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Logging in as {0} on {1}.
        /// </summary>
@@ -3766,15 +3721,6 @@ namespace Bit.App.Resources {
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Logging in on.
        /// </summary>
        public static string LoggingInOn {
            get {
                return ResourceManager.GetString("LoggingInOn", resourceCulture);
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Log In.
        /// </summary>
@@ -3793,15 +3739,6 @@ namespace Bit.App.Resources {
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Login approved.
        /// </summary>
        public static string LoginApproved {
            get {
                return ResourceManager.GetString("LoginApproved", resourceCulture);
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Login attempt by {0} on {1}.
        /// </summary>
@@ -3841,7 +3778,7 @@ namespace Bit.App.Resources {
        }
        /// <summary>
-        ///   Looks up a localized string similar to Login initiated.
+        ///   Looks up a localized string similar to Log in initiated.
        /// </summary>
        public static string LogInInitiated {
            get {
@@ -3939,24 +3876,6 @@ namespace Bit.App.Resources {
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Log in with device.
        /// </summary>
        public static string LogInWithDevice {
            get {
                return ResourceManager.GetString("LogInWithDevice", resourceCulture);
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Log in with device must be set up in the settings of the Bitwarden app. Need another option?.
        /// </summary>
        public static string LogInWithDeviceMustBeSetUpInTheSettingsOfTheBitwardenAppNeedAnotherOption {
            get {
                return ResourceManager.GetString("LogInWithDeviceMustBeSetUpInTheSettingsOfTheBitwardenAppNeedAnotherOption", resourceCulture);
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Log in with master password.
        /// </summary>
@@ -5417,15 +5336,6 @@ namespace Bit.App.Resources {
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Remember this device.
        /// </summary>
        public static string RememberThisDevice {
            get {
                return ResourceManager.GetString("RememberThisDevice", resourceCulture);
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Remove.
        /// </summary>
@@ -5498,15 +5408,6 @@ namespace Bit.App.Resources {
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Request admin approval.
        /// </summary>
        public static string RequestAdminApproval {
            get {
                return ResourceManager.GetString("RequestAdminApproval", resourceCulture);
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Request one-time password.
        /// </summary>
@@ -6368,10 +6269,10 @@ namespace Bit.App.Resources {
        public static string ThePasskeyWillNotBeCopiedToTheClonedItemDoYouWantToContinueCloningThisItem {
            get {
                return ResourceManager.GetString("ThePasskeyWillNotBeCopiedToTheClonedItemDoYouWantToContinueCloningThisItem", resourceCulture);
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to There are no blocked URIs.
        /// </summary>
        public static string ThereAreNoBlockedURIs {
@@ -6534,15 +6435,6 @@ namespace Bit.App.Resources {
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Trouble logging in?.
        /// </summary>
        public static string TroubleLoggingIn {
            get {
                return ResourceManager.GetString("TroubleLoggingIn", resourceCulture);
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Try again.
        /// </summary>
@@ -6552,15 +6444,6 @@ namespace Bit.App.Resources {
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Turn off using a public device.
        /// </summary>
        public static string TurnOffUsingPublicDevice {
            get {
                return ResourceManager.GetString("TurnOffUsingPublicDevice", resourceCulture);
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to 20 seconds.
        /// </summary>
@@ -7092,15 +6975,6 @@ namespace Bit.App.Resources {
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Vault timeout action changed to log out.
        /// </summary>
        public static string VaultTimeoutActionChangedToLogOut {
            get {
                return ResourceManager.GetString("VaultTimeoutActionChangedToLogOut", resourceCulture);
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Your organization policies have set your vault timeout action to {0}..
        /// </summary>
@@ -7479,24 +7353,6 @@ namespace Bit.App.Resources {
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to Your request has been sent to your admin..
        /// </summary>
        public static string YourRequestHasBeenSentToYourAdmin {
            get {
                return ResourceManager.GetString("YourRequestHasBeenSentToYourAdmin", resourceCulture);
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to You will be notified once approved. .
        /// </summary>
        public static string YouWillBeNotifiedOnceApproved {
            get {
                return ResourceManager.GetString("YouWillBeNotifiedOnceApproved", resourceCulture);
            }
        }
        /// <summary>
        ///   Looks up a localized string similar to To continue, hold your YubiKey NEO against the back of the device or insert your YubiKey into your device&apos;s USB port, then touch its button..
        /// </summary>
--- a/src/App/Resources/AppResources.be.resx
+++ b/src/App/Resources/AppResources.be.resx
@@ -2638,7 +2638,7 @@
    <comment>To state the date in which the cipher was created: Created 03/21/2023</comment>
  </data>
  <data name="Application" xml:space="preserve">
-    <value>Праграма</value>
+    <value>Application</value>
  </data>
  <data name="YouCannotEditPasskeyApplicationBecauseItWouldInvalidateThePasskey" xml:space="preserve">
    <value>You cannot edit passkey application because it would invalidate the passkey</value>
--- a/src/App/Resources/AppResources.bg.resx
+++ b/src/App/Resources/AppResources.bg.resx
@@ -2653,7 +2653,7 @@ select Add TOTP to store the key safely</value>
    <value>Копиране на приложението</value>
  </data>
  <data name="AvailableForTwoStepLogin" xml:space="preserve">
-    <value>Налично за двустепенно удостоверяване</value>
+    <value>Available for two-step login</value>
  </data>
  <data name="MasterPasswordRePromptHelp" xml:space="preserve">
    <value>Помощ за повторното запитване за главната парола</value>
--- a/src/App/Resources/AppResources.ca.resx
+++ b/src/App/Resources/AppResources.ca.resx
@@ -2628,32 +2628,32 @@ Voleu canviar a aquest compte?</value>
    <value>Contrasenya mestra actual</value>
  </data>
  <data name="Passkey" xml:space="preserve">
-    <value>Clau de pas</value>
+    <value>Passkey</value>
  </data>
  <data name="Passkeys" xml:space="preserve">
-    <value>Claus de pas</value>
+    <value>Passkeys</value>
  </data>
  <data name="CreatedX" xml:space="preserve">
-    <value>Creats {0}</value>
+    <value>Created {0}</value>
    <comment>To state the date in which the cipher was created: Created 03/21/2023</comment>
  </data>
  <data name="Application" xml:space="preserve">
-    <value>Aplicació</value>
+    <value>Application</value>
  </data>
  <data name="YouCannotEditPasskeyApplicationBecauseItWouldInvalidateThePasskey" xml:space="preserve">
-    <value>No podeu editar l'aplicació de clau de pas perquè invalidaria la clau de pas</value>
+    <value>You cannot edit passkey application because it would invalidate the passkey</value>
  </data>
  <data name="PasskeyWillNotBeCopied" xml:space="preserve">
-    <value>La clau de pas no es copiarà</value>
+    <value>Passkey will not be copied</value>
  </data>
  <data name="ThePasskeyWillNotBeCopiedToTheClonedItemDoYouWantToContinueCloningThisItem" xml:space="preserve">
-    <value>La clau de pas no es copiarà a l'element clonat. Voleu continuar clonant aquest element?</value>
+    <value>The passkey will not be copied to the cloned item. Do you want to continue cloning this item?</value>
  </data>
  <data name="CopyApplication" xml:space="preserve">
-    <value>Copia la aplicació</value>
+    <value>Copy application</value>
  </data>
  <data name="AvailableForTwoStepLogin" xml:space="preserve">
-    <value>Disponible per iniciar sessió en dos passos</value>
+    <value>Available for two-step login</value>
  </data>
  <data name="MasterPasswordRePromptHelp" xml:space="preserve">
    <value>Ajuda per tornar a demanar la contrasenya mestra</value>
@@ -2668,49 +2668,49 @@ Voleu canviar a aquest compte?</value>
    <value>Token API no vàlid</value>
  </data>
  <data name="ThisItemCannotBeSharedWithTheOrganizationBecauseThereIsOneAlreadyWithTheSamePasskey" xml:space="preserve">
-    <value>Aquest element no es pot compartir amb l'organització perquè ja n'hi ha un amb la mateixa clau de pas.</value>
+    <value>This item cannot be shared with the organization because there is one already with the same passkey.</value>
  </data>
  <data name="BlockAutoFill" xml:space="preserve">
-    <value>Bloqueja l'emplenament automàtic</value>
+    <value>Block auto-fill</value>
  </data>
  <data name="AutoFillWillNotBeOfferedForTheseURIs" xml:space="preserve">
-    <value>L'emplenament automàtic no s'oferirà per a aquests URI.</value>
+    <value>Auto-fill will not be offered for these URIs.</value>
  </data>
  <data name="NewBlockedURI" xml:space="preserve">
-    <value>Nou URI bloquejat</value>
+    <value>New blocked URI</value>
  </data>
  <data name="URISaved" xml:space="preserve">
-    <value>URI guardat</value>
+    <value>URI saved</value>
  </data>
  <data name="InvalidFormatUseHttpsHttpOrAndroidApp" xml:space="preserve">
-    <value>Format no vàlid. Utilitzeu https://, http:// o androidapp://</value>
+    <value>Invalid format. Use https://, http://, or androidapp://</value>
    <comment>https://, http://, androidapp:// should not be translated</comment>
  </data>
  <data name="EditURI" xml:space="preserve">
-    <value>Edita URI</value>
+    <value>Edit URI</value>
  </data>
  <data name="EnterURI" xml:space="preserve">
-    <value>Introduex URI</value>
+    <value>Enter URI</value>
  </data>
  <data name="FormatXSeparateMultipleURIsWithAComma" xml:space="preserve">
-    <value>Format: {0}. Separa diversos URI amb una coma.</value>
+    <value>Format: {0}. Separate multiple URIs with a comma.</value>
  </data>
  <data name="FormatX" xml:space="preserve">
    <value>Format: {0}</value>
  </data>
  <data name="InvalidURI" xml:space="preserve">
-    <value>URI no vàlid</value>
+    <value>Invalid URI</value>
  </data>
  <data name="URIRemoved" xml:space="preserve">
-    <value>URI suprimit</value>
+    <value>URI removed</value>
  </data>
  <data name="ThereAreNoBlockedURIs" xml:space="preserve">
-    <value>No hi ha cap URI bloquejat</value>
+    <value>There are no blocked URIs</value>
  </data>
  <data name="TheURIXIsAlreadyBlocked" xml:space="preserve">
-    <value>L'URI {0} ja està bloquejat</value>
+    <value>The URI {0} is already blocked</value>
  </data>
  <data name="CannotEditMultipleURIsAtOnce" xml:space="preserve">
-    <value>No es poden editar diversos URI alhora</value>
+    <value>Cannot edit multiple URIs at once</value>
  </data>
 </root>
--- a/src/App/Resources/AppResources.cy.resx
+++ b/src/App/Resources/AppResources.cy.resx
--- a/src/App/Resources/AppResources.da.resx
+++ b/src/App/Resources/AppResources.da.resx
@@ -2628,32 +2628,32 @@ Vil du skifte til denne konto?</value>
    <value>Aktuel hovedadgangskode</value>
  </data>
  <data name="Passkey" xml:space="preserve">
-    <value>Adgangsnøgle</value>
+    <value>Passkey</value>
  </data>
  <data name="Passkeys" xml:space="preserve">
-    <value>Adgangsnøgler</value>
+    <value>Passkeys</value>
  </data>
  <data name="CreatedX" xml:space="preserve">
-    <value>Oprettet {0}</value>
+    <value>Created {0}</value>
    <comment>To state the date in which the cipher was created: Created 03/21/2023</comment>
  </data>
  <data name="Application" xml:space="preserve">
-    <value>Applikation</value>
+    <value>Application</value>
  </data>
  <data name="YouCannotEditPasskeyApplicationBecauseItWouldInvalidateThePasskey" xml:space="preserve">
-    <value>Adgangsnøgleapplikationen kan ikke redigeres, da det ville ugyldiggøre adgangsnøglen</value>
+    <value>You cannot edit passkey application because it would invalidate the passkey</value>
  </data>
  <data name="PasskeyWillNotBeCopied" xml:space="preserve">
-    <value>Adgangsnøglen kopieres ikke</value>
+    <value>Passkey will not be copied</value>
  </data>
  <data name="ThePasskeyWillNotBeCopiedToTheClonedItemDoYouWantToContinueCloningThisItem" xml:space="preserve">
-    <value>Adgangsnøglen kopieres ikke til det klonede emne. Fortsæt med at klone dette emne alligevel?</value>
+    <value>The passkey will not be copied to the cloned item. Do you want to continue cloning this item?</value>
  </data>
  <data name="CopyApplication" xml:space="preserve">
-    <value>Kopiér applikation</value>
+    <value>Copy application</value>
  </data>
  <data name="AvailableForTwoStepLogin" xml:space="preserve">
-    <value>Tilgængelig for totrins-login</value>
+    <value>Available for two-step login</value>
  </data>
  <data name="MasterPasswordRePromptHelp" xml:space="preserve">
    <value>Hjælp til genanmodning om hovedadgangskode</value>
@@ -2668,7 +2668,7 @@ Vil du skifte til denne konto?</value>
    <value>Ugyldigt API-token</value>
  </data>
  <data name="ThisItemCannotBeSharedWithTheOrganizationBecauseThereIsOneAlreadyWithTheSamePasskey" xml:space="preserve">
-    <value>Dette emne kan ikke deles med organisationen, da der allerede er et med den samme adgangsnøgle.</value>
+    <value>This item cannot be shared with the organization because there is one already with the same passkey.</value>
  </data>
  <data name="BlockAutoFill" xml:space="preserve">
    <value>Blokér autoudfyldning</value>
--- a/src/App/Resources/AppResources.de.resx
+++ b/src/App/Resources/AppResources.de.resx
@@ -2640,19 +2640,19 @@ Möchtest du zu diesem Konto wechseln?</value>
    <value>Anwendung</value>
  </data>
  <data name="YouCannotEditPasskeyApplicationBecauseItWouldInvalidateThePasskey" xml:space="preserve">
-    <value>Du kannst die Passkey-Anwendung nicht bearbeiten, da dies den Passkey ungültig machen würde.</value>
+    <value>You cannot edit passkey application because it would invalidate the passkey</value>
  </data>
  <data name="PasskeyWillNotBeCopied" xml:space="preserve">
    <value>Passkey wird nicht kopiert</value>
  </data>
  <data name="ThePasskeyWillNotBeCopiedToTheClonedItemDoYouWantToContinueCloningThisItem" xml:space="preserve">
-    <value>Der Passkey wird nicht in den duplizierten Eintrag kopiert. Möchtest du mit dem Duplizieren dieses Eintrags fortfahren?</value>
+    <value>The passkey will not be copied to the cloned item. Do you want to continue cloning this item?</value>
  </data>
  <data name="CopyApplication" xml:space="preserve">
    <value>Anwendung kopieren</value>
  </data>
  <data name="AvailableForTwoStepLogin" xml:space="preserve">
-    <value>Verfügbar für Zwei-Faktor Authentifizierung</value>
+    <value>Available for two-step login</value>
  </data>
  <data name="MasterPasswordRePromptHelp" xml:space="preserve">
    <value>Hilfe zum erneuten Abfragen des Master-Passworts</value>
@@ -2667,7 +2667,7 @@ Möchtest du zu diesem Konto wechseln?</value>
    <value>Ungültiger API-Token</value>
  </data>
  <data name="ThisItemCannotBeSharedWithTheOrganizationBecauseThereIsOneAlreadyWithTheSamePasskey" xml:space="preserve">
-    <value>Dieser Eintrag kann nicht mit der Organisation geteilt werden, da bereits einer mit dem gleichen Passkey existiert.</value>
+    <value>This item cannot be shared with the organization because there is one already with the same passkey.</value>
  </data>
  <data name="BlockAutoFill" xml:space="preserve">
    <value>Auto-Ausfüllen blockieren</value>
--- a/src/App/Resources/AppResources.el.resx
+++ b/src/App/Resources/AppResources.el.resx
@@ -2634,7 +2634,7 @@
    <value>Passkeys</value>
  </data>
  <data name="CreatedX" xml:space="preserve">
-    <value>Δημιουργήθηκε {0}</value>
+    <value>Created {0}</value>
    <comment>To state the date in which the cipher was created: Created 03/21/2023</comment>
  </data>
  <data name="Application" xml:space="preserve">
@@ -2662,10 +2662,10 @@
    <value>Unlocking may fail due to insufficient memory. Decrease your KDF memory settings to resolve.</value>
  </data>
  <data name="InvalidAPIKey" xml:space="preserve">
-    <value>Μη έγκυρο κλειδί API</value>
+    <value>Invalid API key</value>
  </data>
  <data name="InvalidAPIToken" xml:space="preserve">
-    <value>Μη έγκυρο API token</value>
+    <value>Invalid API token</value>
  </data>
  <data name="ThisItemCannotBeSharedWithTheOrganizationBecauseThereIsOneAlreadyWithTheSamePasskey" xml:space="preserve">
    <value>This item cannot be shared with the organization because there is one already with the same passkey.</value>
--- a/src/App/Resources/AppResources.fa.resx
+++ b/src/App/Resources/AppResources.fa.resx
@@ -2629,32 +2629,32 @@
    <value>کلمه عبور اصلی فعلی</value>
  </data>
  <data name="Passkey" xml:space="preserve">
-    <value>کلید عبور</value>
+    <value>Passkey</value>
  </data>
  <data name="Passkeys" xml:space="preserve">
-    <value>کلیدهای عبور</value>
+    <value>Passkeys</value>
  </data>
  <data name="CreatedX" xml:space="preserve">
-    <value>{0} ایجاد شد</value>
+    <value>Created {0}</value>
    <comment>To state the date in which the cipher was created: Created 03/21/2023</comment>
  </data>
  <data name="Application" xml:space="preserve">
-    <value>درخواست</value>
+    <value>Application</value>
  </data>
  <data name="YouCannotEditPasskeyApplicationBecauseItWouldInvalidateThePasskey" xml:space="preserve">
-    <value>شما نمی‌توانید برنامه کلید عبور را ویرایش کنید زیرا باعث بی اعتباری کلید عبور می‌شود</value>
+    <value>You cannot edit passkey application because it would invalidate the passkey</value>
  </data>
  <data name="PasskeyWillNotBeCopied" xml:space="preserve">
-    <value>کلید عبور کپی نمی‌شود</value>
+    <value>Passkey will not be copied</value>
  </data>
  <data name="ThePasskeyWillNotBeCopiedToTheClonedItemDoYouWantToContinueCloningThisItem" xml:space="preserve">
-    <value>کلید عبور در مورد شبیه سازی شده کپی نمی‌شود. آیا می‌خواهید به شبیه سازی این مورد ادامه دهید؟</value>
+    <value>The passkey will not be copied to the cloned item. Do you want to continue cloning this item?</value>
  </data>
  <data name="CopyApplication" xml:space="preserve">
-    <value>درخواست را کپی کنید</value>
+    <value>Copy application</value>
  </data>
  <data name="AvailableForTwoStepLogin" xml:space="preserve">
-    <value>برای ورود دو مرحله ای موجود است</value>
+    <value>Available for two-step login</value>
  </data>
  <data name="MasterPasswordRePromptHelp" xml:space="preserve">
    <value>راهنمای درخواست مجدد کلمه عبور اصلی</value>
@@ -2669,49 +2669,49 @@
    <value>توکن API نامعتبر</value>
  </data>
  <data name="ThisItemCannotBeSharedWithTheOrganizationBecauseThereIsOneAlreadyWithTheSamePasskey" xml:space="preserve">
-    <value>این مورد را نمی‌توان با سازمان به اشتراک گذاشت زیرا قبلاً موردی با کلید عبور یکسان وجود دارد.</value>
+    <value>This item cannot be shared with the organization because there is one already with the same passkey.</value>
  </data>
  <data name="BlockAutoFill" xml:space="preserve">
-    <value>پر کردن خودکار را مسدود کنید</value>
+    <value>Block auto-fill</value>
  </data>
  <data name="AutoFillWillNotBeOfferedForTheseURIs" xml:space="preserve">
-    <value>پر کردن خودکار برای این نشانی‌های اینترنتی ارائه نمی‌شود.</value>
+    <value>Auto-fill will not be offered for these URIs.</value>
  </data>
  <data name="NewBlockedURI" xml:space="preserve">
-    <value>نشانی اینترنتی مسدود شده جدید</value>
+    <value>New blocked URI</value>
  </data>
  <data name="URISaved" xml:space="preserve">
-    <value>نشانی اینترنتی ذخیره شد</value>
+    <value>URI saved</value>
  </data>
  <data name="InvalidFormatUseHttpsHttpOrAndroidApp" xml:space="preserve">
-    <value>قالب نامعتبر است. از https://، http://، یا androidapp:// استفاده کنید</value>
+    <value>Invalid format. Use https://, http://, or androidapp://</value>
    <comment>https://, http://, androidapp:// should not be translated</comment>
  </data>
  <data name="EditURI" xml:space="preserve">
-    <value>ویرایش نشانی اینترنتی</value>
+    <value>Edit URI</value>
  </data>
  <data name="EnterURI" xml:space="preserve">
-    <value>ورود نشانی اینترنتی</value>
+    <value>Enter URI</value>
  </data>
  <data name="FormatXSeparateMultipleURIsWithAComma" xml:space="preserve">
-    <value>قالب: {0}. چندین نشانی اینترنتی را با کاما جدا کنید.</value>
+    <value>Format: {0}. Separate multiple URIs with a comma.</value>
  </data>
  <data name="FormatX" xml:space="preserve">
-    <value>قالب: {0}</value>
+    <value>Format: {0}</value>
  </data>
  <data name="InvalidURI" xml:space="preserve">
-    <value>نشانی اینترنتی نامعتبر</value>
+    <value>Invalid URI</value>
  </data>
  <data name="URIRemoved" xml:space="preserve">
-    <value>نشانی اینترنتی حذف شد</value>
+    <value>URI removed</value>
  </data>
  <data name="ThereAreNoBlockedURIs" xml:space="preserve">
-    <value>هیچ نشانی اینترنتی مسدود شده ای وجود ندارد</value>
+    <value>There are no blocked URIs</value>
  </data>
  <data name="TheURIXIsAlreadyBlocked" xml:space="preserve">
-    <value>{0} نشانی اینترنتی قبلاً مسدود شده است</value>
+    <value>The URI {0} is already blocked</value>
  </data>
  <data name="CannotEditMultipleURIsAtOnce" xml:space="preserve">
-    <value>نمی‌توان چندین نشانی اینترنتی را همزمان ویرایش کرد</value>
+    <value>Cannot edit multiple URIs at once</value>
  </data>
 </root>
--- a/src/App/Resources/AppResources.fr.resx
+++ b/src/App/Resources/AppResources.fr.resx
@@ -2651,7 +2651,7 @@ Voulez-vous basculer vers ce compte ?</value>
    <value>The passkey will not be copied to the cloned item. Do you want to continue cloning this item?</value>
  </data>
  <data name="CopyApplication" xml:space="preserve">
-    <value>Copier l'application</value>
+    <value>Copy application</value>
  </data>
  <data name="AvailableForTwoStepLogin" xml:space="preserve">
    <value>Available for two-step login</value>
--- a/src/App/Resources/AppResources.it.resx
+++ b/src/App/Resources/AppResources.it.resx
@@ -172,7 +172,7 @@
    <comment>Message shown when interacting with the server</comment>
  </data>
  <data name="DoYouReallyWantToDelete" xml:space="preserve">
-    <value>Vuoi davvero eliminarlo? Questa operazione non può essere annullata.</value>
+    <value>Vuoi davvero eliminarlo? Non lo potrai ripristinare.</value>
    <comment>Confirmation alert message when deleteing something.</comment>
  </data>
  <data name="Edit" xml:space="preserve">
--- a/src/App/Resources/AppResources.lv.resx
+++ b/src/App/Resources/AppResources.lv.resx
@@ -1813,7 +1813,7 @@ Nolasīšana notiks automātiski.</value>
    <value>Ieslēdzot šo slēdzi, Tu piekrīti sekojošajam:</value>
  </data>
  <data name="AcceptPoliciesError" xml:space="preserve">
-    <value>Nav apstiprināti izmantošanas noteikumi un privātuma nosacījumi.</value>
+    <value>Nav pieņemti izmantošanas nosacījumi un privātuma politika.</value>
  </data>
  <data name="TermsOfService" xml:space="preserve">
    <value>Izmantošanas nosacījumi</value>
--- a/src/App/Resources/AppResources.pl.resx
+++ b/src/App/Resources/AppResources.pl.resx
@@ -2656,7 +2656,7 @@ Czy chcesz przełączyć się na to konto?</value>
    <value>Dostępne dla dwustopniowego logowania</value>
  </data>
  <data name="MasterPasswordRePromptHelp" xml:space="preserve">
-    <value>Pomoc dotycząca potwierdzania hasłem głównym</value>
+    <value>Master password re-prompt help</value>
  </data>
  <data name="UnlockingMayFailDueToInsufficientMemoryDecreaseYourKDFMemorySettingsToResolve" xml:space="preserve">
    <value>Odblokowanie może się nie powieść z powodu niewystarczającej ilości pamięci. Zmniejsz ustawienia pamięci KDF, aby to rozwiązać</value>
--- a/src/App/Resources/AppResources.pt-PT.resx
+++ b/src/App/Resources/AppResources.pt-PT.resx
@@ -2627,32 +2627,32 @@ Deseja mudar para esta conta?</value>
    <value>Palavra-passe mestra atual</value>
  </data>
  <data name="Passkey" xml:space="preserve">
-    <value>Chave de acesso</value>
+    <value>Passkey</value>
  </data>
  <data name="Passkeys" xml:space="preserve">
-    <value>Chaves de acesso</value>
+    <value>Passkeys</value>
  </data>
  <data name="CreatedX" xml:space="preserve">
-    <value>Criada a {0}</value>
+    <value>Created {0}</value>
    <comment>To state the date in which the cipher was created: Created 03/21/2023</comment>
  </data>
  <data name="Application" xml:space="preserve">
-    <value>Aplicação</value>
+    <value>Application</value>
  </data>
  <data name="YouCannotEditPasskeyApplicationBecauseItWouldInvalidateThePasskey" xml:space="preserve">
-    <value>Não é possível editar a aplicação da chave de acesso porque invalidaria a mesma</value>
+    <value>You cannot edit passkey application because it would invalidate the passkey</value>
  </data>
  <data name="PasskeyWillNotBeCopied" xml:space="preserve">
-    <value>A chave de acesso não será copiada</value>
+    <value>Passkey will not be copied</value>
  </data>
  <data name="ThePasskeyWillNotBeCopiedToTheClonedItemDoYouWantToContinueCloningThisItem" xml:space="preserve">
-    <value>A chave de acesso não será copiada para o item duplicado. Pretende ainda assim duplicar este item?</value>
+    <value>The passkey will not be copied to the cloned item. Do you want to continue cloning this item?</value>
  </data>
  <data name="CopyApplication" xml:space="preserve">
-    <value>Copiar aplicação</value>
+    <value>Copy application</value>
  </data>
  <data name="AvailableForTwoStepLogin" xml:space="preserve">
-    <value>Disponível para a verificação de dois passos</value>
+    <value>Available for two-step login</value>
  </data>
  <data name="MasterPasswordRePromptHelp" xml:space="preserve">
    <value>Ajuda para pedir novamente a palavra-passe mestra</value>
@@ -2667,7 +2667,7 @@ Deseja mudar para esta conta?</value>
    <value>Token da API inválido</value>
  </data>
  <data name="ThisItemCannotBeSharedWithTheOrganizationBecauseThereIsOneAlreadyWithTheSamePasskey" xml:space="preserve">
-    <value>Este item não pode ser partilhado com a organização porque já existe um com a mesma chave de acesso.</value>
+    <value>This item cannot be shared with the organization because there is one already with the same passkey.</value>
  </data>
  <data name="BlockAutoFill" xml:space="preserve">
    <value>Bloquear preenchimento automático</value>
--- a/src/App/Resources/AppResources.resx
+++ b/src/App/Resources/AppResources.resx
@@ -2506,7 +2506,7 @@ Do you want to switch to this account?</value>
    <value>Log in with device</value>
  </data>
  <data name="LogInInitiated" xml:space="preserve">
-    <value>Login initiated</value>
+    <value>Log in initiated</value>
  </data>
  <data name="ANotificationHasBeenSentToYourDevice" xml:space="preserve">
    <value>A notification has been sent to your device.</value>
@@ -2628,24 +2628,6 @@ Do you want to switch to this account?</value>
  <data name="CurrentMasterPassword" xml:space="preserve">
    <value>Current master password</value>
  </data>
  <data name="LoggedIn" xml:space="preserve">
    <value>Logged in!</value>
  </data>
  <data name="ApproveWithMyOtherDevice" xml:space="preserve">
    <value>Approve with my other device</value>
  </data>
  <data name="RequestAdminApproval" xml:space="preserve">
    <value>Request admin approval</value>
  </data>
  <data name="ApproveWithMasterPassword" xml:space="preserve">
    <value>Approve with master password</value>
  </data>
  <data name="TurnOffUsingPublicDevice" xml:space="preserve">
    <value>Turn off using a public device</value>
  </data>
  <data name="RememberThisDevice" xml:space="preserve">
    <value>Remember this device</value>
  </data>
  <data name="Passkey" xml:space="preserve">
    <value>Passkey</value>
  </data>
@@ -2686,24 +2668,6 @@ Do you want to switch to this account?</value>
  <data name="InvalidAPIToken" xml:space="preserve">
    <value>Invalid API token</value>
  </data>
  <data name="AdminApprovalRequested" xml:space="preserve">
    <value>Admin approval requested</value>
  </data>
  <data name="YourRequestHasBeenSentToYourAdmin" xml:space="preserve">
    <value>Your request has been sent to your admin.</value>
  </data>
  <data name="YouWillBeNotifiedOnceApproved" xml:space="preserve">
    <value>You will be notified once approved. </value>
  </data>
  <data name="TroubleLoggingIn" xml:space="preserve">
    <value>Trouble logging in?</value>
  </data>
  <data name="LoggingInAsX" xml:space="preserve">
    <value>Logging in as {0}</value>
  </data>
  <data name="VaultTimeoutActionChangedToLogOut" xml:space="preserve">
    <value>Vault timeout action changed to log out</value>
  </data>
  <data name="ThisItemCannotBeSharedWithTheOrganizationBecauseThereIsOneAlreadyWithTheSamePasskey" xml:space="preserve">
    <value>This item cannot be shared with the organization because there is one already with the same passkey.</value>
  </data>
@@ -2750,16 +2714,4 @@ Do you want to switch to this account?</value>
  <data name="CannotEditMultipleURIsAtOnce" xml:space="preserve">
    <value>Cannot edit multiple URIs at once</value>
  </data>
  <data name="LoginApproved" xml:space="preserve">
    <value>Login approved</value>
  </data>
  <data name="LogInWithDeviceMustBeSetUpInTheSettingsOfTheBitwardenAppNeedAnotherOption" xml:space="preserve">
    <value>Log in with device must be set up in the settings of the Bitwarden app. Need another option?</value>
  </data>
  <data name="LogInWithDevice" xml:space="preserve">
    <value>Log in with device</value>
  </data>
  <data name="LoggingInOn" xml:space="preserve">
    <value>Logging in on</value>
  </data>
 </root>
--- a/src/App/Resources/AppResources.ru.resx
+++ b/src/App/Resources/AppResources.ru.resx
@@ -2668,7 +2668,7 @@
    <value>Некорректный токен API</value>
  </data>
  <data name="ThisItemCannotBeSharedWithTheOrganizationBecauseThereIsOneAlreadyWithTheSamePasskey" xml:space="preserve">
-    <value>Этим элементом нельзя поделиться с организацией, поскольку существует другой с тем же ключом.</value>
+    <value>Этим элементом нельзя поделиться с организацией, поскольку существует другой с тем же ключем.</value>
  </data>
  <data name="BlockAutoFill" xml:space="preserve">
    <value>Блокировать автозаполнение</value>
--- a/src/App/Resources/AppResources.uk.resx
+++ b/src/App/Resources/AppResources.uk.resx
@@ -2628,32 +2628,32 @@
    <value>Поточний головний пароль</value>
  </data>
  <data name="Passkey" xml:space="preserve">
-    <value>Ключ доступу</value>
+    <value>Passkey</value>
  </data>
  <data name="Passkeys" xml:space="preserve">
-    <value>Ключі доступу</value>
+    <value>Passkeys</value>
  </data>
  <data name="CreatedX" xml:space="preserve">
-    <value>Створено {0}</value>
+    <value>Created {0}</value>
    <comment>To state the date in which the cipher was created: Created 03/21/2023</comment>
  </data>
  <data name="Application" xml:space="preserve">
-    <value>Програма</value>
+    <value>Application</value>
  </data>
  <data name="YouCannotEditPasskeyApplicationBecauseItWouldInvalidateThePasskey" xml:space="preserve">
-    <value>Ви не можете змінити програму для ключа доступу, оскільки це зробить його недійсним</value>
+    <value>You cannot edit passkey application because it would invalidate the passkey</value>
  </data>
  <data name="PasskeyWillNotBeCopied" xml:space="preserve">
-    <value>Ключ доступу не буде скопійовано</value>
+    <value>Passkey will not be copied</value>
  </data>
  <data name="ThePasskeyWillNotBeCopiedToTheClonedItemDoYouWantToContinueCloningThisItem" xml:space="preserve">
-    <value>Ключ доступу не буде скопійовано до клонованого запису. Хочете продовжити клонування цього запису?</value>
+    <value>The passkey will not be copied to the cloned item. Do you want to continue cloning this item?</value>
  </data>
  <data name="CopyApplication" xml:space="preserve">
-    <value>Копіювати програму</value>
+    <value>Copy application</value>
  </data>
  <data name="AvailableForTwoStepLogin" xml:space="preserve">
-    <value>Доступно для двоетапної перевірки</value>
+    <value>Available for two-step login</value>
  </data>
  <data name="MasterPasswordRePromptHelp" xml:space="preserve">
    <value>Допомога щодо повторного запиту головного пароля</value>
@@ -2668,7 +2668,7 @@
    <value>Недійсний токен API</value>
  </data>
  <data name="ThisItemCannotBeSharedWithTheOrganizationBecauseThereIsOneAlreadyWithTheSamePasskey" xml:space="preserve">
-    <value>Цей запис не можна поширити для організації, оскільки там вже є запис із таким самим ключем доступу.</value>
+    <value>This item cannot be shared with the organization because there is one already with the same passkey.</value>
  </data>
  <data name="BlockAutoFill" xml:space="preserve">
    <value>Блокувати автозаповнення</value>
--- a/src/App/Resources/AppResources.vi.resx
+++ b/src/App/Resources/AppResources.vi.resx
@@ -128,11 +128,11 @@
    <value>Thêm thư mục</value>
  </data>
  <data name="AddItem" xml:space="preserve">
-    <value>Thêm mục</value>
+    <value>Thêm Mục</value>
    <comment>The title for the add item page.</comment>
  </data>
  <data name="AnErrorHasOccurred" xml:space="preserve">
-    <value>Đã xảy ra lỗi.</value>
+    <value>Đã xảy ra lỗi chưa xác định.</value>
    <comment>Alert title when something goes wrong.</comment>
  </data>
  <data name="Back" xml:space="preserve">
@@ -2194,7 +2194,7 @@ Quá trình quét sẽ diễn ra tự động.</value>
    <value>Mã xác minh không hợp lệ</value>
  </data>
  <data name="RequestOTP" xml:space="preserve">
-    <value>Yêu cầu mật khẩu một lần (OTP)</value>
+    <value>Request one-time password</value>
  </data>
  <data name="SendCode" xml:space="preserve">
    <value>Gửi mã</value>
@@ -2487,7 +2487,7 @@ chọn Thêm TOTP để lưu khóa an toàn</value>
 Do you want to switch to this account?</value>
  </data>
  <data name="NewAroundHere" xml:space="preserve">
-    <value>Bạn mới tới đây sao?</value>
+    <value>New around here?</value>
  </data>
  <data name="GetMasterPasswordwordHint" xml:space="preserve">
    <value>Get master password hint</value>
@@ -2607,10 +2607,10 @@ Do you want to switch to this account?</value>
    <value>There are no items that match the search</value>
  </data>
  <data name="US" xml:space="preserve">
-    <value>Hoa Kỳ</value>
+    <value>US</value>
  </data>
  <data name="EU" xml:space="preserve">
-    <value>Châu Âu</value>
+    <value>EU</value>
  </data>
  <data name="SelfHosted" xml:space="preserve">
    <value>Self-hosted</value>
@@ -2619,7 +2619,7 @@ Do you want to switch to this account?</value>
    <value>Data region</value>
  </data>
  <data name="Region" xml:space="preserve">
-    <value>Khu vực</value>
+    <value>Region</value>
  </data>
  <data name="UpdateWeakMasterPasswordWarning" xml:space="preserve">
    <value>Your master password does not meet one or more of your organization policies. In order to access the vault, you must update your master password now. Proceeding will log you out of your current session, requiring you to log back in. Active sessions on other devices may continue to remain active for up to one hour.</value>
@@ -2634,11 +2634,11 @@ Do you want to switch to this account?</value>
    <value>Passkeys</value>
  </data>
  <data name="CreatedX" xml:space="preserve">
-    <value>Đã tạo {0}</value>
+    <value>Created {0}</value>
    <comment>To state the date in which the cipher was created: Created 03/21/2023</comment>
  </data>
  <data name="Application" xml:space="preserve">
-    <value>Ứng dụng</value>
+    <value>Application</value>
  </data>
  <data name="YouCannotEditPasskeyApplicationBecauseItWouldInvalidateThePasskey" xml:space="preserve">
    <value>You cannot edit passkey application because it would invalidate the passkey</value>
@@ -2683,7 +2683,7 @@ Do you want to switch to this account?</value>
    <value>URI saved</value>
  </data>
  <data name="InvalidFormatUseHttpsHttpOrAndroidApp" xml:space="preserve">
-    <value>Định dạng không hợp lệ. Dùng https://, http://, hoặc androidapp://</value>
+    <value>Invalid format. Use https://, http://, or androidapp://</value>
    <comment>https://, http://, androidapp:// should not be translated</comment>
  </data>
  <data name="EditURI" xml:space="preserve">
--- a/src/App/Resources/AppResources.zh-Hans.resx
+++ b/src/App/Resources/AppResources.zh-Hans.resx
@@ -1601,7 +1601,7 @@
    <value>您的主题将在应用程序重启后生效。</value>
  </data>
  <data name="Capitalize" xml:space="preserve">
-    <value>首字母大写</value>
+    <value>大写</value>
    <comment>ex. Uppercase the first character of a word.</comment>
  </data>
  <data name="IncludeNumber" xml:space="preserve">
@@ -2634,14 +2634,14 @@
    <value>通行密钥</value>
  </data>
  <data name="CreatedX" xml:space="preserve">
-    <value>创建于 {0}</value>
+    <value>已创建 {0}</value>
    <comment>To state the date in which the cipher was created: Created 03/21/2023</comment>
  </data>
  <data name="Application" xml:space="preserve">
    <value>应用</value>
  </data>
  <data name="YouCannotEditPasskeyApplicationBecauseItWouldInvalidateThePasskey" xml:space="preserve">
-    <value>您不能编辑通行密钥应用程序，这会使通行密钥失效</value>
+    <value>您不能编辑通行密钥应用程序，这会使通行密钥无失效</value>
  </data>
  <data name="PasskeyWillNotBeCopied" xml:space="preserve">
    <value>通行密钥不会被复制</value>
--- a/src/App/Services/BaseBiometricService.cs
+++ b/src/App/Services/BaseBiometricService.cs
@@ -1,25 +0,0 @@
 using System.Threading.Tasks;
 using Bit.Core.Abstractions;
 namespace Bit.App.Services
 {
    public abstract class BaseBiometricService : IBiometricService
    {
        protected readonly IStateService _stateService;
        protected readonly ICryptoService _cryptoService;
        protected BaseBiometricService(IStateService stateService, ICryptoService cryptoService)
        {
            _stateService = stateService;
            _cryptoService = cryptoService;
        }
        public async Task<bool> CanUseBiometricsUnlockAsync()
        {
            return await _cryptoService.GetBiometricUnlockKeyAsync() != null || await _stateService.GetKeyEncryptedAsync() != null;
        }
        public abstract Task<bool> IsSystemBiometricIntegrityValidAsync(string bioIntegritySrcKey = null);
        public abstract Task<bool> SetupBiometricAsync(string bioIntegritySrcKey = null);
    }
 }
--- a/src/App/Services/MobilePasswordRepromptService.cs
+++ b/src/App/Services/MobilePasswordRepromptService.cs
@@ -1,7 +1,9 @@
-using System.Threading.Tasks;
+using System;
 using System.Threading.Tasks;
 using Bit.App.Abstractions;
 using Bit.App.Resources;
 using Bit.Core.Abstractions;
 using Bit.Core.Utilities;
 namespace Bit.App.Services
 {
@@ -38,5 +40,11 @@ namespace Bit.App.Services
            return await _cryptoService.CompareAndUpdateKeyHashAsync(password, null);
        }
        public async Task<bool> Enabled()
        {
            var keyConnectorService = ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService");
            return !await keyConnectorService.GetUsesKeyConnector();
        }
    }
 }
--- a/src/App/Utilities/AccountManagement/AccountsManager.cs
+++ b/src/App/Utilities/AccountManagement/AccountsManager.cs
@@ -206,7 +206,6 @@ namespace Bit.App.Utilities.AccountManagement
        private async Task AddAccountAsync()
        {
            await AppHelpers.ClearServiceCacheAsync();
            await Device.InvokeOnMainThreadAsync(() =>
            {
                Options.HideAccountSwitcher = false;
--- a/src/App/Utilities/VerificationActionsFlowHelper.cs
+++ b/src/App/Utilities/VerificationActionsFlowHelper.cs
@@ -63,7 +63,6 @@ namespace Bit.App.Utilities
        private readonly IKeyConnectorService _keyConnectorService;
        private readonly IPasswordRepromptService _passwordRepromptService;
        private readonly ICryptoService _cryptoService;
        private readonly IUserVerificationService _userVerificationService;
        private VerificationFlowAction? _action;
        private IActionFlowParmeters _parameters;
@@ -74,13 +73,11 @@ namespace Bit.App.Utilities
        public VerificationActionsFlowHelper(IKeyConnectorService keyConnectorService,
            IPasswordRepromptService passwordRepromptService,
-            ICryptoService cryptoService,
+            ICryptoService cryptoService)
            IUserVerificationService userVerificationService)
        {
            _keyConnectorService = keyConnectorService;
            _passwordRepromptService = passwordRepromptService;
            _cryptoService = cryptoService;
            _userVerificationService = userVerificationService;
            _actionExecutionerDictionary.Add(VerificationFlowAction.DeleteAccount, ServiceContainer.Resolve<IDeleteAccountActionFlowExecutioner>("deleteAccountActionFlowExecutioner"));
        }
@@ -110,9 +107,9 @@ namespace Bit.App.Utilities
        public async Task ValidateAndExecuteAsync()
        {
-            var verificationType = await _userVerificationService.HasMasterPasswordAsync()
+            var verificationType = await _keyConnectorService.GetUsesKeyConnector()
-                ? VerificationType.MasterPassword
+                ? VerificationType.OTP
-                : VerificationType.OTP;
+                : VerificationType.MasterPassword;
            switch (verificationType)
            {
@@ -124,7 +121,7 @@ namespace Bit.App.Utilities
                    }
                    var parameters = GetParameters();
-                    parameters.Secret = await _cryptoService.HashMasterKeyAsync(password, null);
+                    parameters.Secret = await _cryptoService.HashPasswordAsync(password, null);
                    parameters.VerificationType = VerificationType.MasterPassword;
                    await ExecuteAsync(parameters);
                    break;
--- a/src/Core/Abstractions/IApiService.cs
+++ b/src/Core/Abstractions/IApiService.cs
@@ -4,7 +4,6 @@ using System.Net;
 using System.Net.Http;
 using System.Threading;
 using System.Threading.Tasks;
 using Bit.Core.Enums;
 using Bit.Core.Models.Domain;
 using Bit.Core.Models.Request;
 using Bit.Core.Models.Response;
@@ -71,7 +70,7 @@ namespace Bit.Core.Abstractions
        Task<OrganizationAutoEnrollStatusResponse> GetOrganizationAutoEnrollStatusAsync(string identifier);
        Task PutOrganizationUserResetPasswordEnrollmentAsync(string orgId, string userId,
            OrganizationUserResetPasswordEnrollmentRequest request);
-        Task<KeyConnectorUserKeyResponse> GetMasterKeyFromKeyConnectorAsync(string keyConnectorUrl);
+        Task<KeyConnectorUserKeyResponse> GetUserKeyFromKeyConnector(string keyConnectorUrl);
        Task PostUserKeyToKeyConnector(string keyConnectorUrl, KeyConnectorUserKeyRequest request);
        Task PostSetKeyConnectorKey(SetKeyConnectorKeyRequest request);
        Task PostConvertToKeyConnector();
@@ -91,12 +90,9 @@ namespace Bit.Core.Abstractions
        Task<PasswordlessLoginResponse> GetAuthRequestAsync(string id);
        Task<PasswordlessLoginResponse> GetAuthResponseAsync(string id, string accessCode);
        Task<PasswordlessLoginResponse> PutAuthRequestAsync(string id, string key, string masterPasswordHash, string deviceIdentifier, bool requestApproved);
-        Task<PasswordlessLoginResponse> PostCreateRequestAsync(PasswordlessCreateLoginRequest passwordlessCreateLoginRequest, AuthRequestType authRequestType);
+        Task<PasswordlessLoginResponse> PostCreateRequestAsync(PasswordlessCreateLoginRequest passwordlessCreateLoginRequest);
        Task<bool> GetKnownDeviceAsync(string email, string deviceIdentifier);
        Task<DeviceResponse> GetDeviceByIdentifierAsync(string deviceIdentifier);
        Task<DeviceResponse> UpdateTrustedDeviceKeysAsync(string deviceIdentifier, TrustedDeviceKeysRequest deviceRequest);
        Task<OrganizationDomainSsoDetailsResponse> GetOrgDomainSsoDetailsAsync(string email);
        Task<bool> GetDevicesExistenceByTypes(DeviceType[] deviceTypes);
        Task<ConfigResponse> GetConfigsAsync();
        Task<string> GetFastmailAccountIdAsync(string apiKey);
    }
--- a/src/Core/Abstractions/IAuthService.cs
+++ b/src/Core/Abstractions/IAuthService.cs
@@ -32,13 +32,9 @@ namespace Bit.Core.Abstractions
        Task<List<PasswordlessLoginResponse>> GetPasswordlessLoginRequestsAsync();
        Task<List<PasswordlessLoginResponse>> GetActivePasswordlessLoginRequestsAsync();
        Task<PasswordlessLoginResponse> GetPasswordlessLoginRequestByIdAsync(string id);
-        /// <summary>
+        Task<PasswordlessLoginResponse> GetPasswordlessLoginResponseAsync(string id, string accessCode);
        /// Gets a passwordless login request by <paramref name="id"/> and <paramref name="accessCode"/>. No authentication required.
        /// </summary>
        Task<PasswordlessLoginResponse> GetPasswordlessLoginResquestAsync(string id, string accessCode);
        Task<PasswordlessLoginResponse> PasswordlessLoginAsync(string id, string pubKey, bool requestApproved);
-        Task<PasswordlessLoginResponse> PasswordlessCreateLoginRequestAsync(string email, AuthRequestType authRequestType);
+        Task<PasswordlessLoginResponse> PasswordlessCreateLoginRequestAsync(string email);
        Task CreateNewSsoUserAsync(string organizationSsoId);
        void LogOut(Action callback);
        void Init();
--- a/src/Core/Abstractions/IBiometricService.cs
+++ b/src/Core/Abstractions/IBiometricService.cs
@@ -4,7 +4,6 @@ namespace Bit.Core.Abstractions
 {
    public interface IBiometricService
    {
        Task<bool> CanUseBiometricsUnlockAsync();
        Task<bool> SetupBiometricAsync(string bioIntegritySrcKey = null);
        Task<bool> IsSystemBiometricIntegrityValidAsync(string bioIntegritySrcKey = null);
    }
--- a/src/Core/Abstractions/ICryptoService.cs
+++ b/src/Core/Abstractions/ICryptoService.cs
@@ -9,56 +9,49 @@ namespace Bit.Core.Abstractions
 {
    public interface ICryptoService
    {
-        void ClearCache();
+        Task ClearEncKeyAsync(bool memoryOnly = false, string userId = null);
-        Task RefreshKeysAsync();
+        Task ClearKeyAsync(string userId = null);
-        Task SetUserKeyAsync(UserKey userKey, string userId = null);
+        Task ClearKeyHashAsync(string userId = null);
        Task<UserKey> GetUserKeyAsync(string userId = null);
        Task<UserKey> GetUserKeyWithLegacySupportAsync(string userId = null);
        Task<bool> HasUserKeyAsync(string userId = null);
        Task<bool> HasEncryptedUserKeyAsync(string userId = null);
        Task<UserKey> MakeUserKeyAsync();
        Task ClearUserKeyAsync(string userId = null);
        Task SetMasterKeyEncryptedUserKeyAsync(string value, string userId = null);
        Task<UserKey> GetAutoUnlockKeyAsync(string userId = null);
        Task<bool> HasAutoUnlockKeyAsync(string userId = null);
        Task<UserKey> GetBiometricUnlockKeyAsync(string userId = null);
        Task SetMasterKeyAsync(MasterKey masterKey, string userId = null);
        Task<MasterKey> GetMasterKeyAsync(string userId = null);
        Task<MasterKey> MakeMasterKeyAsync(string password, string email, KdfConfig kdfConfig);
        Task ClearMasterKeyAsync(string userId = null);
        Task<Tuple<UserKey, EncString>> EncryptUserKeyWithMasterKeyAsync(MasterKey masterKey);
        Task<UserKey> DecryptUserKeyWithMasterKeyAsync(MasterKey masterKey, EncString encUserKey = null, string userId = null);
        Task<Tuple<SymmetricCryptoKey, EncString>> MakeDataEncKeyAsync(SymmetricCryptoKey key);
        Task<string> HashMasterKeyAsync(string password, MasterKey key, HashPurpose hashPurpose = HashPurpose.ServerAuthorization);
        Task SetMasterKeyHashAsync(string keyHash);
        Task<string> GetMasterKeyHashAsync();
        Task ClearMasterKeyHashAsync(string userId = null);
        Task<bool> CompareAndUpdateKeyHashAsync(string masterPassword, MasterKey key);
        Task SetOrgKeysAsync(IEnumerable<ProfileOrganizationResponse> orgs);
        Task<OrgKey> GetOrgKeyAsync(string orgId);
        Task<Dictionary<string, OrgKey>> GetOrgKeysAsync();
        Task ClearOrgKeysAsync(bool memoryOnly = false, string userId = null);
        Task<byte[]> GetUserPublicKeyAsync();
        Task SetUserPrivateKeyAsync(string encPrivateKey);
        Task<byte[]> GetUserPrivateKeyAsync();
        Task<List<string>> GetFingerprintAsync(string userId, byte[] publicKey = null);
        Task<Tuple<string, EncString>> MakeKeyPairAsync(SymmetricCryptoKey key = null);
        Task ClearKeyPairAsync(bool memoryOnly = false, string userId = null);
-        Task<PinKey> MakePinKeyAsync(string pin, string salt, KdfConfig config);
+        Task ClearKeysAsync(string userId = null);
-        Task ClearPinKeysAsync(string userId = null);
+        Task ClearOrgKeysAsync(bool memoryOnly = false, string userId = null);
-        Task<UserKey> DecryptUserKeyWithPinAsync(string pin, string salt, KdfConfig kdfConfig, EncString pinProtectedUserKey = null);
+        Task ClearPinProtectedKeyAsync(string userId = null);
-        Task<MasterKey> DecryptMasterKeyWithPinAsync(string pin, string salt, KdfConfig kdfConfig, EncString pinProtectedMasterKey = null);
+        void ClearCache();
        Task<SymmetricCryptoKey> MakeSendKeyAsync(byte[] keyMaterial);
        Task<EncString> RsaEncryptAsync(byte[] data, byte[] publicKey = null);
        Task<byte[]> RsaDecryptAsync(string encValue, byte[] privateKey = null);
        Task<int> RandomNumberAsync(int min, int max);
        Task<string> RandomStringAsync(int length);
        Task<byte[]> DecryptFromBytesAsync(byte[] encBytes, SymmetricCryptoKey key);
        Task<byte[]> DecryptToBytesAsync(EncString encString, SymmetricCryptoKey key = null);
        Task<string> DecryptToUtf8Async(EncString encString, SymmetricCryptoKey key = null);
        Task<EncString> EncryptAsync(byte[] plainValue, SymmetricCryptoKey key = null);
        Task<EncString> EncryptAsync(string plainValue, SymmetricCryptoKey key = null);
        Task<EncByteArray> EncryptToBytesAsync(byte[] plainValue, SymmetricCryptoKey key = null);
-        Task<UserKey> DecryptAndMigrateOldPinKeyAsync(bool masterPasswordOnRestart, string pin, string email, KdfConfig kdfConfig, EncString oldPinKey);
+        Task<SymmetricCryptoKey> GetEncKeyAsync(SymmetricCryptoKey key = null);
        Task<List<string>> GetFingerprintAsync(string userId, byte[] publicKey = null);
        Task<SymmetricCryptoKey> GetKeyAsync(string userId = null);
        Task<string> GetKeyHashAsync();
        Task<SymmetricCryptoKey> GetOrgKeyAsync(string orgId);
        Task<Dictionary<string, SymmetricCryptoKey>> GetOrgKeysAsync();
        Task<byte[]> GetPrivateKeyAsync();
        Task<byte[]> GetPublicKeyAsync();
        Task<bool> CompareAndUpdateKeyHashAsync(string masterPassword, SymmetricCryptoKey key);
        Task<bool> HasEncKeyAsync();
        Task<string> HashPasswordAsync(string password, SymmetricCryptoKey key, HashPurpose hashPurpose = HashPurpose.ServerAuthorization);
        Task<bool> HasKeyAsync(string userId = null);
        Task<Tuple<SymmetricCryptoKey, EncString>> MakeEncKeyAsync(SymmetricCryptoKey key);
        Task<SymmetricCryptoKey> MakeKeyAsync(string password, string salt, KdfConfig config);
        Task<SymmetricCryptoKey> MakeKeyFromPinAsync(string pin, string salt, KdfConfig config, EncString protectedKeyEs = null);
        Task<Tuple<string, EncString>> MakeKeyPairAsync(SymmetricCryptoKey key = null);
        Task<SymmetricCryptoKey> MakePinKeyAysnc(string pin, string salt, KdfConfig config);
        Task<Tuple<EncString, SymmetricCryptoKey>> MakeShareKeyAsync();
        Task<SymmetricCryptoKey> MakeSendKeyAsync(byte[] keyMaterial);
        Task<int> RandomNumberAsync(int min, int max);
        Task<string> RandomStringAsync(int length);
        Task<Tuple<SymmetricCryptoKey, EncString>> RemakeEncKeyAsync(SymmetricCryptoKey key);
        Task<EncString> RsaEncryptAsync(byte[] data, byte[] publicKey = null);
        Task<byte[]> RsaDecryptAsync(string encValue, byte[] privateKey = null);
        Task SetEncKeyAsync(string encKey);
        Task SetEncPrivateKeyAsync(string encPrivateKey);
        Task SetKeyAsync(SymmetricCryptoKey key);
        Task SetKeyHashAsync(string keyHash);
        Task SetOrgKeysAsync(IEnumerable<ProfileOrganizationResponse> orgs);
        Task ToggleKeyAsync();
    }
 }
--- a/src/Core/Abstractions/IDeviceTrustCryptoService.cs
+++ b/src/Core/Abstractions/IDeviceTrustCryptoService.cs
@@ -1,17 +0,0 @@
 using System.Threading.Tasks;
 using Bit.Core.Models.Domain;
 namespace Bit.Core.Abstractions
 {
    public interface IDeviceTrustCryptoService
    {
        Task<SymmetricCryptoKey> GetDeviceKeyAsync();
        Task<DeviceResponse> TrustDeviceAsync();
        Task<DeviceResponse> TrustDeviceIfNeededAsync();
        Task RemoveTrustedDeviceAsync();
        Task<bool> GetShouldTrustDeviceAsync();
        Task SetShouldTrustDeviceAsync(bool value);
        Task<UserKey> DecryptUserKeyWithDeviceKeyAsync(string encryptedDevicePrivateKey, string encryptedUserKey);
        Task<bool> IsDeviceTrustedAsync();
    }
 }
--- a/src/Core/Abstractions/IKeyConnectorService.cs
+++ b/src/Core/Abstractions/IKeyConnectorService.cs
@@ -1,17 +1,16 @@
-using System.Threading.Tasks;
+using System;
 using System.Threading.Tasks;
 using Bit.Core.Models.Domain;
 using Bit.Core.Models.Response;
 namespace Bit.Core.Abstractions
 {
    public interface IKeyConnectorService
    {
-        Task SetUsesKeyConnectorAsync(bool usesKeyConnector);
+        Task SetUsesKeyConnector(bool usesKeyConnector);
-        Task<bool> GetUsesKeyConnectorAsync();
+        Task<bool> GetUsesKeyConnector();
-        Task<bool> UserNeedsMigrationAsync();
+        Task<bool> UserNeedsMigration();
-        Task MigrateUserAsync();
+        Task MigrateUser();
-        Task SetMasterKeyFromUrlAsync(string url);
+        Task GetAndSetKey(string url);
-        Task<Organization> GetManagingOrganizationAsync();
+        Task<Organization> GetManagingOrganization();
        Task ConvertNewUserToKeyConnectorAsync(string orgId, IdentityTokenResponse tokenResponse);
    }
 }
--- a/src/Core/Abstractions/IPasswordResetEnrollmentService.cs
+++ b/src/Core/Abstractions/IPasswordResetEnrollmentService.cs
@@ -1,12 +0,0 @@
 using System;
 using System.Threading.Tasks;
 namespace Bit.Core.Abstractions
 {
    public interface IPasswordResetEnrollmentService
    {
        Task EnrollIfRequiredAsync(string organizationSsoId);
        Task EnrollAsync(string organizationId);
    }
 }
--- a/src/Core/Abstractions/IStateService.cs
+++ b/src/Core/Abstractions/IStateService.cs
@@ -13,14 +13,6 @@ namespace Bit.Core.Abstractions
    public interface IStateService
    {
        List<AccountView> AccountViews { get; }
        Task<UserKey> GetUserKeyAsync(string userId = null);
        Task SetUserKeyAsync(UserKey value, string userId = null);
        Task<MasterKey> GetMasterKeyAsync(string userId = null);
        Task SetMasterKeyAsync(MasterKey value, string userId = null);
        Task<string> GetMasterKeyEncryptedUserKeyAsync(string userId = null);
        Task SetMasterKeyEncryptedUserKeyAsync(string value, string userId = null);
        Task<UserKey> GetUserKeyAutoUnlockAsync(string userId = null);
        Task SetUserKeyAutoUnlockAsync(UserKey value, string userId = null);
        Task<string> GetActiveUserIdAsync();
        Task<string> GetActiveUserEmailAsync();
        Task<T> GetActiveUserCustomDataAsync<T>(Func<Account, T> dataMapper);
@@ -35,8 +27,6 @@ namespace Bit.Core.Abstractions
        Task<EnvironmentUrlData> GetPreAuthEnvironmentUrlsAsync();
        Task SetPreAuthEnvironmentUrlsAsync(EnvironmentUrlData value);
        Task<EnvironmentUrlData> GetEnvironmentUrlsAsync(string userId = null);
        Task<UserKey> GetUserKeyBiometricUnlockAsync(string userId = null);
        Task SetUserKeyBiometricUnlockAsync(UserKey value, string userId = null);
        Task<bool?> GetBiometricUnlockAsync(string userId = null);
        Task SetBiometricUnlockAsync(bool? value, string userId = null);
        Task<bool> GetBiometricLockedAsync(string userId = null);
@@ -46,22 +36,26 @@ namespace Bit.Core.Abstractions
        Task<bool> IsAccountBiometricIntegrityValidAsync(string bioIntegritySrcKey, string userId = null);
        Task SetAccountBiometricIntegrityValidAsync(string bioIntegritySrcKey, string userId = null);
        Task<bool> CanAccessPremiumAsync(string userId = null);
        Task<string> GetProtectedPinAsync(string userId = null);
        Task SetPersonalPremiumAsync(bool value, string userId = null);
-        Task<EncString> GetPinKeyEncryptedUserKeyAsync(string userId = null);
+        Task<string> GetProtectedPinAsync(string userId = null);
        Task SetPinKeyEncryptedUserKeyAsync(EncString value, string userId = null);
        Task<EncString> GetPinKeyEncryptedUserKeyEphemeralAsync(string userId = null);
        Task SetPinKeyEncryptedUserKeyEphemeralAsync(EncString value, string userId = null);
        Task SetProtectedPinAsync(string value, string userId = null);
        Task<string> GetPinProtectedAsync(string userId = null);
        Task SetPinProtectedAsync(string value, string userId = null);
        Task<EncString> GetPinProtectedKeyAsync(string userId = null);
        Task SetPinProtectedKeyAsync(EncString value, string userId = null);
        Task SetKdfConfigurationAsync(KdfConfig config, string userId = null);
        Task<string> GetKeyEncryptedAsync(string userId = null);
        Task SetKeyEncryptedAsync(string value, string userId = null);
        Task<SymmetricCryptoKey> GetKeyDecryptedAsync(string userId = null);
        Task SetKeyDecryptedAsync(SymmetricCryptoKey value, string userId = null);
        Task<string> GetKeyHashAsync(string userId = null);
        Task SetKeyHashAsync(string value, string userId = null);
        Task<string> GetEncKeyEncryptedAsync(string userId = null);
        Task SetEncKeyEncryptedAsync(string value, string userId = null);
        Task<Dictionary<string, string>> GetOrgKeysEncryptedAsync(string userId = null);
        Task SetOrgKeysEncryptedAsync(Dictionary<string, string> value, string userId = null);
        Task<string> GetPrivateKeyEncryptedAsync(string userId = null);
        Task SetPrivateKeyEncryptedAsync(string value, string userId = null);
        Task<SymmetricCryptoKey> GetDeviceKeyAsync(string userId = null);
        Task SetDeviceKeyAsync(SymmetricCryptoKey value, string userId = null);
        Task<List<string>> GetAutofillBlacklistedUrisAsync(string userId = null);
        Task SetAutofillBlacklistedUrisAsync(List<string> value, string userId = null);
        Task<bool?> GetAutofillTileAddedAsync();
@@ -178,33 +172,9 @@ namespace Bit.Core.Abstractions
        Task<string> GetAvatarColorAsync(string userId = null);
        Task<string> GetPreLoginEmailAsync();
        Task SetPreLoginEmailAsync(string value);
        Task<AccountDecryptionOptions> GetAccountDecryptionOptions(string userId = null);
        Task<PendingAdminAuthRequest> GetPendingAdminAuthRequestAsync(string userId = null);
        Task SetPendingAdminAuthRequestAsync(PendingAdminAuthRequest value, string userId = null);
        string GetLocale();
        void SetLocale(string locale);
        ConfigResponse GetConfigs();
        void SetConfigs(ConfigResponse value);
        Task<bool> GetShouldTrustDeviceAsync();
        Task SetShouldTrustDeviceAsync(bool value);
        [Obsolete("Use GetPinKeyEncryptedUserKeyAsync instead, left for migration purposes")]
        Task<string> GetPinProtectedAsync(string userId = null);
        [Obsolete("Use SetPinKeyEncryptedUserKeyAsync instead, left for migration purposes")]
        Task SetPinProtectedAsync(string value, string userId = null);
        [Obsolete("Use GetPinKeyEncryptedUserKeyEphemeralAsync instead, left for migration purposes")]
        Task<EncString> GetPinProtectedKeyAsync(string userId = null);
        [Obsolete("Use SetPinKeyEncryptedUserKeyEphemeralAsync instead, left for migration purposes")]
        Task SetPinProtectedKeyAsync(EncString value, string userId = null);
        [Obsolete("Use GetMasterKeyEncryptedUserKeyAsync instead, left for migration purposes")]
        Task<string> GetEncKeyEncryptedAsync(string userId = null);
        [Obsolete("Use SetMasterKeyEncryptedUserKeyAsync instead, left for migration purposes")]
        Task SetEncKeyEncryptedAsync(string value, string userId = null);
        [Obsolete("Left for migration purposes")]
        Task SetKeyEncryptedAsync(string value, string userId = null);
        [Obsolete("Use GetUserKeyAutoUnlock instead, left for migration purposes")]
        Task<string> GetKeyEncryptedAsync(string userId = null);
        [Obsolete("Use GetMasterKeyAsync instead, left for migration purposes")]
        Task<SymmetricCryptoKey> GetKeyDecryptedAsync(string userId = null);
    }
 }
--- a/src/Core/Abstractions/IUserVerificationService.cs
+++ b/src/Core/Abstractions/IUserVerificationService.cs
@@ -6,6 +6,5 @@ namespace Bit.Core.Abstractions
    public interface IUserVerificationService
    {
        Task<bool> VerifyUser(string secret, VerificationType verificationType);
        Task<bool> HasMasterPasswordAsync();
    }
 }
--- a/src/Core/Abstractions/IVaultTimeoutService.cs
+++ b/src/Core/Abstractions/IVaultTimeoutService.cs
@@ -1,7 +1,6 @@
 using System;
 using System.Threading.Tasks;
 using Bit.Core.Enums;
 using Bit.Core.Services;
 namespace Bit.Core.Abstractions
 {
@@ -17,7 +16,7 @@ namespace Bit.Core.Abstractions
        Task<bool> ShouldLockAsync(string userId = null);
        Task<bool> IsLoggedOutByTimeoutAsync(string userId = null);
        Task<bool> ShouldLogOutByTimeoutAsync(string userId = null);
-        Task<PinLockType> GetPinLockTypeAsync(string userId = null);
+        Task<Tuple<bool, bool>> IsPinLockSetAsync(string userId = null);
        Task<bool> IsBiometricLockSetAsync(string userId = null);
        Task LockAsync(bool allowSoftLock = false, bool userInitiated = false, string userId = null);
        Task LogOutAsync(bool userInitiated = true, string userId = null);
--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
@@ -1,6 +1,4 @@
-using System;
+namespace Bit.Core
 namespace Bit.Core
 {
    public static class Constants
    {
@@ -55,7 +53,6 @@ namespace Bit.Core
        public const string AppLocaleKey = "appLocale";
        public const string ClearSensitiveFields = "clearSensitiveFields";
        public const string ForceUpdatePassword = "forceUpdatePassword";
        public const string ShouldTrustDevice = "shouldTrustDevice";
        public const int SelectFileRequestCode = 42;
        public const int SelectFilePermissionRequestCode = 43;
        public const int SaveFileRequestCode = 44;
@@ -85,9 +82,6 @@ namespace Bit.Core
        public static string VaultTimeoutKey(string userId) => $"vaultTimeout_{userId}";
        public static string VaultTimeoutActionKey(string userId) => $"vaultTimeoutAction_{userId}";
        public static string MasterKeyEncryptedUserKeyKey(string userId) => $"masterKeyEncryptedUserKey_{userId}";
        public static string UserKeyAutoUnlockKey(string userId) => $"autoUnlock_{userId}";
        public static string UserKeyBiometricUnlockKey(string userId) => $"biometricUnlock_{userId}";
        public static string CiphersKey(string userId) => $"ciphers_{userId}";
        public static string FoldersKey(string userId) => $"folders_{userId}";
        public static string CollectionsKey(string userId) => $"collections_{userId}";
@@ -96,11 +90,12 @@ namespace Bit.Core
        public static string NeverDomainsKey(string userId) => $"neverDomains_{userId}";
        public static string SendsKey(string userId) => $"sends_{userId}";
        public static string PoliciesKey(string userId) => $"policies_{userId}";
        public static string KeyKey(string userId) => $"key_{userId}";
        public static string EncOrgKeysKey(string userId) => $"encOrgKeys_{userId}";
        public static string EncPrivateKeyKey(string userId) => $"encPrivateKey_{userId}";
-        public static string DeviceKeyKey(string userId) => $"deviceKey_{userId}";
+        public static string EncKeyKey(string userId) => $"encKey_{userId}";
        public static string KeyHashKey(string userId) => $"keyHash_{userId}";
-        public static string PinKeyEncryptedUserKeyKey(string userId) => $"pinKeyEncryptedUserKey_{userId}";
+        public static string PinProtectedKey(string userId) => $"pinProtectedKey_{userId}";
        public static string PassGenOptionsKey(string userId) => $"passwordGenerationOptions_{userId}";
        public static string PassGenHistoryKey(string userId) => $"generatedPasswordHistory_{userId}";
        public static string TwoFactorTokenKey(string email) => $"twoFactorToken_{email}";
@@ -129,12 +124,5 @@ namespace Bit.Core
        public static string PushCurrentTokenKey(string userId) => $"pushCurrentToken_{userId}";
        public static string ShouldConnectToWatchKey(string userId) => $"shouldConnectToWatch_{userId}";
        public static string ScreenCaptureAllowedKey(string userId) => $"screenCaptureAllowed_{userId}";
        public static string PendingAdminAuthRequest(string userId) => $"pendingAdminAuthRequest_{userId}";
        [Obsolete]
        public static string KeyKey(string userId) => $"key_{userId}";
        [Obsolete]
        public static string EncKeyKey(string userId) => $"encKey_{userId}";
        [Obsolete]
        public static string PinProtectedKey(string userId) => $"pinProtectedKey_{userId}";
    }
 }
--- a/src/Core/Enums/AuthRequestType.cs
+++ b/src/Core/Enums/AuthRequestType.cs
@@ -1,11 +0,0 @@
 using System;
 namespace Bit.Core.Enums
 {
    public enum AuthRequestType : byte
    {
        AuthenticateAndUnlock = 0,
        Unlock = 1,
        AdminApproval = 2
    }
 }
--- a/src/Core/Enums/DeviceType.cs
+++ b/src/Core/Enums/DeviceType.cs
@@ -1,7 +1,4 @@
-using System.Collections.Generic;
+namespace Bit.Core.Enums
 using System.Linq;
 namespace Bit.Core.Enums
 {
    public enum DeviceType : byte
    {
@@ -27,24 +24,4 @@ namespace Bit.Core.Enums
        VivaldiExtension = 19,
        SafariExtension = 20
    }
    public static class DeviceTypeExtensions
    {
        public static List<DeviceType> GetMobileTypes() => new List<DeviceType>
            {
                DeviceType.Android,
                DeviceType.AndroidAmazon,
                DeviceType.iOS
            };
        public static List<DeviceType> GetDesktopTypes() => new List<DeviceType>
            {
                DeviceType.WindowsDesktop,
                DeviceType.MacOsDesktop,
                DeviceType.LinuxDesktop,
                DeviceType.UWP,
            };
        public static List<DeviceType> GetDesktopAndMobileTypes() => GetMobileTypes().Concat(GetDesktopTypes()).ToList();
    }
 }
--- a/src/Core/Exceptions/UserAndMasterKeyNullException.cs
+++ b/src/Core/Exceptions/UserAndMasterKeyNullException.cs
@@ -1,12 +0,0 @@
 using System;
 namespace Bit.Core.Exceptions
 {
    public class UserAndMasterKeysNullException : Exception
    {
        public UserAndMasterKeysNullException()
            : base("UserKey and MasterKey are null.")
        {
        }
    }
 }
--- a/src/Core/Models/Domain/Account.cs
+++ b/src/Core/Models/Domain/Account.cs
@@ -53,7 +53,6 @@ namespace Bit.Core.Models.Domain
                HasPremiumPersonally = copy.HasPremiumPersonally;
                AvatarColor = copy.AvatarColor;
                ForcePasswordResetReason = copy.ForcePasswordResetReason;
                UserDecryptionOptions = copy.UserDecryptionOptions;
            }
            public string UserId;
@@ -69,7 +68,6 @@ namespace Bit.Core.Models.Domain
            public bool? EmailVerified;
            public bool? HasPremiumPersonally;
            public ForcePasswordResetReason? ForcePasswordResetReason;
            public AccountDecryptionOptions UserDecryptionOptions;
        }
        public class AccountTokens
@@ -119,14 +117,9 @@ namespace Bit.Core.Models.Domain
        public class AccountVolatileData
        {
            public UserKey UserKey;
            public MasterKey MasterKey;
            public EncString PinKeyEncryptedUserKeyEphemeral;
            public bool? BiometricLocked;
            [Obsolete("Jul 6 2023: Key has been deprecated. We will use the User Key in the future. It remains here for migration during app upgrade.")]
            public SymmetricCryptoKey Key;
            [Obsolete("Jul 6 2023: PinProtectedKey has been deprecated in favor of UserKeyPinEphemeral. It remains here for migration during app upgrade.")]
            public EncString PinProtectedKey;
            public bool? BiometricLocked;
        }
    }
 }
--- a/src/Core/Models/Domain/AccountDecryptionOptions.cs
+++ b/src/Core/Models/Domain/AccountDecryptionOptions.cs
@@ -1,27 +0,0 @@
 using System;
 namespace Bit.Core.Models.Domain
 {
    public class AccountDecryptionOptions
    {
        public bool HasMasterPassword { get; set; }
        public TrustedDeviceOption TrustedDeviceOption { get; set; }
        public KeyConnectorOption KeyConnectorOption { get; set; }
        public bool RequireSetPassword => !HasMasterPassword && KeyConnectorOption == null;
    }
    public class TrustedDeviceOption
    {
        public bool HasAdminApproval { get; set; }
        public bool HasLoginApprovingDevice { get; set; }
        public bool HasManageResetPasswordPermission { get; set; }
        public string EncryptedPrivateKey { get; set; }
        public string EncryptedUserKey { get; set; }
    }
    public class KeyConnectorOption
    {
        public string KeyConnectorUrl { get; set; }
    }
 }
--- a/src/Core/Models/Domain/PendingAdminAuthRequest.cs
+++ b/src/Core/Models/Domain/PendingAdminAuthRequest.cs
@@ -1,10 +0,0 @@
 using System;
 namespace Bit.Core.Models.Domain
 {
    public class PendingAdminAuthRequest
    {
        public string Id { get; set; }
        public byte[] PrivateKey { get; set; }
    }
 }
--- a/src/Core/Models/Domain/SymmetricCryptoKey.cs
+++ b/src/Core/Models/Domain/SymmetricCryptoKey.cs
@@ -74,32 +74,4 @@ namespace Bit.Core.Models.Domain
        public string EncKeyB64 { get; set; }
        public string MacKeyB64 { get; set; }
    }
    public class UserKey : SymmetricCryptoKey
    {
        public UserKey(byte[] key, EncryptionType? encType = null)
            : base(key, encType)
        { }
    }
    public class MasterKey : SymmetricCryptoKey
    {
        public MasterKey(byte[] key, EncryptionType? encType = null)
            : base(key, encType)
        { }
    }
    public class PinKey : SymmetricCryptoKey
    {
        public PinKey(byte[] key, EncryptionType? encType = null)
            : base(key, encType)
        { }
    }
    public class OrgKey : SymmetricCryptoKey
    {
        public OrgKey(byte[] key, EncryptionType? encType = null)
            : base(key, encType)
        { }
    }
 }
--- a/src/Core/Models/Request/PasswordlessCreateLoginRequest.cs
+++ b/src/Core/Models/Request/PasswordlessCreateLoginRequest.cs
@@ -1,6 +1,4 @@
 using System;
 using Bit.Core.Enums;
 namespace Bit.Core.Models.Request
 {
    public class PasswordlessCreateLoginRequest
@@ -27,4 +25,10 @@ namespace Bit.Core.Models.Request
        public string FingerprintPhrase { get; set; }
    }
    public enum AuthRequestType : byte
    {
        AuthenticateAndUnlock = 0,
        Unlock = 1
    }
 }
--- a/src/Core/Models/Request/PasswordlessLoginRequest.cs
+++ b/src/Core/Models/Request/PasswordlessLoginRequest.cs
@@ -8,7 +8,7 @@ namespace Bit.Core.Models.Request
            bool requestApproved)
        {
            Key = key ?? throw new ArgumentNullException(nameof(key));
-            MasterPasswordHash = masterPasswordHash;
+            MasterPasswordHash = masterPasswordHash ?? throw new ArgumentNullException(nameof(masterPasswordHash));
            DeviceIdentifier = deviceIdentifier ?? throw new ArgumentNullException(nameof(deviceIdentifier));
            RequestApproved = requestApproved;
        }
--- a/src/Core/Models/Request/TrustedDeviceKeysRequest.cs
+++ b/src/Core/Models/Request/TrustedDeviceKeysRequest.cs
@@ -1,10 +0,0 @@
 namespace Bit.Core.Models.Request
 {
    public class TrustedDeviceKeysRequest
    {
        public string EncryptedUserKey { get; set; }
        public string EncryptedPublicKey { get; set; }
        public string EncryptedPrivateKey { get; set; }
    }
 }
--- a/src/Core/Models/Response/DeviceResponse.cs
+++ b/src/Core/Models/Response/DeviceResponse.cs
@@ -1,13 +0,0 @@
 using Bit.Core.Enums;
 public class DeviceResponse
 {
    public string Id { get; set; }
    public string Name { get; set; }
    public string Identifier { get; set; }
    public DeviceType Type { get; set; }
    public string CreationDate { get; set; }
    public string EncryptedUserKey { get; set; }
    public string EncryptedPublicKey { get; set; }
    public string EncryptedPrivateKey { get; set; }
 }
--- a/src/Core/Models/Response/IdentityTokenResponse.cs
+++ b/src/Core/Models/Response/IdentityTokenResponse.cs
@@ -27,7 +27,6 @@ namespace Bit.Core.Models.Response
        public bool ForcePasswordReset { get; set; }
        public string KeyConnectorUrl { get; set; }
        public MasterPasswordPolicyOptions MasterPasswordPolicy { get; set; }
        public AccountDecryptionOptions UserDecryptionOptions { get; set; }
        [JsonIgnore]
        public KdfConfig KdfConfig => new KdfConfig(Kdf, KdfIterations, KdfMemory, KdfParallelism);
    }
--- a/src/Core/Services/ApiService.cs
+++ b/src/Core/Services/ApiService.cs
@@ -397,38 +397,12 @@ namespace Bit.Core.Services
        #region Device APIs
        public Task<bool> GetKnownDeviceAsync(string email, string deviceIdentifier)
        {
            return SendAsync<object, bool>(HttpMethod.Get, "/devices/knowndevice", null, false, true, (message) =>
            {
                message.Headers.Add("X-Device-Identifier", deviceIdentifier);
                message.Headers.Add("X-Request-Email", CoreHelpers.Base64UrlEncode(Encoding.UTF8.GetBytes(email)));
            });
        }
        public Task PutDeviceTokenAsync(string identifier, DeviceTokenRequest request)
        {
            return SendAsync<DeviceTokenRequest, object>(
                HttpMethod.Put, $"/devices/identifier/{identifier}/token", request, true, false);
        }
        public Task<bool> GetDevicesExistenceByTypes(DeviceType[] deviceTypes)
        {
            return SendAsync<DeviceType[], bool>(
                HttpMethod.Post, "/devices/exist-by-types", deviceTypes, true, true);
        }
        public Task<DeviceResponse> GetDeviceByIdentifierAsync(string deviceIdentifier)
        {
            return SendAsync<object, DeviceResponse>(HttpMethod.Get, $"/devices/identifier/{deviceIdentifier}", null, true, true);
        }
        public Task<DeviceResponse> UpdateTrustedDeviceKeysAsync(string deviceIdentifier, TrustedDeviceKeysRequest trustedDeviceKeysRequest)
        {
            return SendAsync<TrustedDeviceKeysRequest, DeviceResponse>(HttpMethod.Put, $"/devices/{deviceIdentifier}/keys", trustedDeviceKeysRequest, true, true);
        }
        #endregion
        #region Event APIs
@@ -511,7 +485,7 @@ namespace Bit.Core.Services
        #region Key Connector
-        public async Task<KeyConnectorUserKeyResponse> GetMasterKeyFromKeyConnectorAsync(string keyConnectorUrl)
+        public async Task<KeyConnectorUserKeyResponse> GetUserKeyFromKeyConnector(string keyConnectorUrl)
        {
            using (var requestMessage = new HttpRequestMessage())
            {
@@ -591,9 +565,9 @@ namespace Bit.Core.Services
            return SendAsync<object, PasswordlessLoginResponse>(HttpMethod.Get, $"/auth-requests/{id}/response?code={accessCode}", null, false, true);
        }
-        public Task<PasswordlessLoginResponse> PostCreateRequestAsync(PasswordlessCreateLoginRequest passwordlessCreateLoginRequest, AuthRequestType authRequestType)
+        public Task<PasswordlessLoginResponse> PostCreateRequestAsync(PasswordlessCreateLoginRequest passwordlessCreateLoginRequest)
        {
-            return SendAsync<object, PasswordlessLoginResponse>(HttpMethod.Post, authRequestType == AuthRequestType.AdminApproval ? "/auth-requests/admin-request" : "/auth-requests", passwordlessCreateLoginRequest, authRequestType == AuthRequestType.AdminApproval, true);
+            return SendAsync<object, PasswordlessLoginResponse>(HttpMethod.Post, $"/auth-requests", passwordlessCreateLoginRequest, false, true);
        }
        public Task<PasswordlessLoginResponse> PutAuthRequestAsync(string id, string encKey, string encMasterPasswordHash, string deviceIdentifier, bool requestApproved)
@@ -602,6 +576,15 @@ namespace Bit.Core.Services
            return SendAsync<object, PasswordlessLoginResponse>(HttpMethod.Put, $"/auth-requests/{id}", request, true, true);
        }
        public Task<bool> GetKnownDeviceAsync(string email, string deviceIdentifier)
        {
            return SendAsync<object, bool>(HttpMethod.Get, "/devices/knowndevice", null, false, true, (message) =>
            {
                message.Headers.Add("X-Device-Identifier", deviceIdentifier);
                message.Headers.Add("X-Request-Email", CoreHelpers.Base64UrlEncode(Encoding.UTF8.GetBytes(email)));
            });
        }
        #endregion
        #region Configs
--- a/src/Core/Services/AuthService.cs
+++ b/src/Core/Services/AuthService.cs
@@ -27,12 +27,10 @@ namespace Bit.Core.Services
        private readonly IKeyConnectorService _keyConnectorService;
        private readonly IPasswordGenerationService _passwordGenerationService;
        private readonly IPolicyService _policyService;
        private readonly IDeviceTrustCryptoService _deviceTrustCryptoService;
        private readonly IPasswordResetEnrollmentService _passwordResetEnrollmentService;
        private readonly bool _setCryptoKeys;
        private readonly LazyResolve<IWatchDeviceService> _watchDeviceService = new LazyResolve<IWatchDeviceService>();
-        private MasterKey _masterKey;
+        private SymmetricCryptoKey _key;
        private string _authedUserId;
        private MasterPasswordPolicyOptions _masterPasswordPolicy;
@@ -48,11 +46,10 @@ namespace Bit.Core.Services
            II18nService i18nService,
            IPlatformUtilsService platformUtilsService,
            IMessagingService messagingService,
            IVaultTimeoutService vaultTimeoutService,
            IKeyConnectorService keyConnectorService,
            IPasswordGenerationService passwordGenerationService,
            IPolicyService policyService,
            IDeviceTrustCryptoService deviceTrustCryptoService,
            IPasswordResetEnrollmentService passwordResetEnrollmentService,
            bool setCryptoKeys = true)
        {
            _cryptoService = cryptoService;
@@ -67,8 +64,6 @@ namespace Bit.Core.Services
            _keyConnectorService = keyConnectorService;
            _passwordGenerationService = passwordGenerationService;
            _policyService = policyService;
            _deviceTrustCryptoService = deviceTrustCryptoService;
            _passwordResetEnrollmentService = passwordResetEnrollmentService;
            _setCryptoKeys = setCryptoKeys;
            TwoFactorProviders = new Dictionary<TwoFactorProviderType, TwoFactorProvider>();
@@ -150,8 +145,8 @@ namespace Bit.Core.Services
            SelectedTwoFactorProviderType = null;
            _2faForcePasswordResetReason = null;
            var key = await MakePreloginKeyAsync(masterPassword, email);
-            var hashedPassword = await _cryptoService.HashMasterKeyAsync(masterPassword, key);
+            var hashedPassword = await _cryptoService.HashPasswordAsync(masterPassword, key);
-            var localHashedPassword = await _cryptoService.HashMasterKeyAsync(masterPassword, key, HashPurpose.LocalAuthorization);
+            var localHashedPassword = await _cryptoService.HashPasswordAsync(masterPassword, key, HashPurpose.LocalAuthorization);
            var result = await LogInHelperAsync(email, hashedPassword, localHashedPassword, null, null, null, key, null, null, null, captchaToken);
            if (await RequirePasswordChangeAsync(email, masterPassword))
@@ -200,36 +195,11 @@ namespace Bit.Core.Services
            return !await _policyService.EvaluateMasterPassword(strength.Value, masterPassword, _masterPasswordPolicy);
        }
-        public async Task<AuthResult> LogInPasswordlessAsync(string email, string accessCode, string authRequestId, byte[] decryptionKey, string encryptedAuthRequestKey, string masterKeyHash)
+        public async Task<AuthResult> LogInPasswordlessAsync(string email, string accessCode, string authRequestId, byte[] decryptionKey, string userKeyCiphered, string localHashedPasswordCiphered)
        {
-            var decryptedKey = await _cryptoService.RsaDecryptAsync(encryptedAuthRequestKey, decryptionKey);
+            var decKey = await _cryptoService.RsaDecryptAsync(userKeyCiphered, decryptionKey);
-
+            var decPasswordHash = await _cryptoService.RsaDecryptAsync(localHashedPasswordCiphered, decryptionKey);
-            // On SSO flow user is already AuthN
+            return await LogInHelperAsync(email, accessCode, Encoding.UTF8.GetString(decPasswordHash), null, null, null, new SymmetricCryptoKey(decKey), null, null,
            if (await _stateService.IsAuthenticatedAsync())
            {
                if (string.IsNullOrEmpty(masterKeyHash))
                {
                    await _cryptoService.SetUserKeyAsync(new UserKey(decryptedKey));
                }
                else
                {
                    var masterKey = new MasterKey(decryptedKey);
                    var userKey = await _cryptoService.DecryptUserKeyWithMasterKeyAsync(masterKey);
                    await _cryptoService.SetMasterKeyAsync(masterKey);
                    await _cryptoService.SetUserKeyAsync(userKey);
                }
                await _deviceTrustCryptoService.TrustDeviceIfNeededAsync();
                return null;
            }
            if (string.IsNullOrEmpty(masterKeyHash) && decryptionKey != null)
            {
                await _cryptoService.SetUserKeyAsync(new UserKey(decryptedKey));
                return null;
            }
            var decKeyHash = await _cryptoService.RsaDecryptAsync(masterKeyHash, decryptionKey);
            return await LogInHelperAsync(email, accessCode, Encoding.UTF8.GetString(decKeyHash), null, null, null, new MasterKey(decryptedKey), null, null,
                null, null, authRequestId: authRequestId);
        }
@@ -246,7 +216,7 @@ namespace Bit.Core.Services
            {
                CaptchaToken = captchaToken;
            }
-            var result = await LogInHelperAsync(Email, MasterPasswordHash, LocalMasterPasswordHash, Code, CodeVerifier, SsoRedirectUrl, _masterKey,
+            var result = await LogInHelperAsync(Email, MasterPasswordHash, LocalMasterPasswordHash, Code, CodeVerifier, SsoRedirectUrl, _key,
                twoFactorProvider, twoFactorToken, remember, CaptchaToken, authRequestId: AuthRequestId);
            // If we successfully authenticated and we have a saved _2faForcePasswordResetReason reason from LogInAsync()
@@ -266,8 +236,8 @@ namespace Bit.Core.Services
        {
            SelectedTwoFactorProviderType = null;
            var key = await MakePreloginKeyAsync(masterPassword, email);
-            var hashedPassword = await _cryptoService.HashMasterKeyAsync(masterPassword, key);
+            var hashedPassword = await _cryptoService.HashPasswordAsync(masterPassword, key);
-            var localHashedPassword = await _cryptoService.HashMasterKeyAsync(masterPassword, key, HashPurpose.LocalAuthorization);
+            var localHashedPassword = await _cryptoService.HashPasswordAsync(masterPassword, key, HashPurpose.LocalAuthorization);
            return await LogInHelperAsync(email, hashedPassword, localHashedPassword, null, null, null, key, twoFactorProvider,
                twoFactorToken, remember);
        }
@@ -367,7 +337,7 @@ namespace Bit.Core.Services
        // Helpers
-        private async Task<MasterKey> MakePreloginKeyAsync(string masterPassword, string email)
+        private async Task<SymmetricCryptoKey> MakePreloginKeyAsync(string masterPassword, string email)
        {
            email = email.Trim().ToLower();
            KdfConfig kdfConfig = KdfConfig.Default;
@@ -386,11 +356,11 @@ namespace Bit.Core.Services
                    throw;
                }
            }
-            return await _cryptoService.MakeMasterKeyAsync(masterPassword, email, kdfConfig);
+            return await _cryptoService.MakeKeyAsync(masterPassword, email, kdfConfig);
        }
        private async Task<AuthResult> LogInHelperAsync(string email, string hashedPassword, string localHashedPassword,
-            string code, string codeVerifier, string redirectUrl, MasterKey masterKey,
+            string code, string codeVerifier, string redirectUrl, SymmetricCryptoKey key,
            TwoFactorProviderType? twoFactorProvider = null, string twoFactorToken = null, bool? remember = null,
            string captchaToken = null, string orgId = null, string authRequestId = null)
        {
@@ -456,7 +426,7 @@ namespace Bit.Core.Services
                Code = code;
                CodeVerifier = codeVerifier;
                SsoRedirectUrl = redirectUrl;
-                _masterKey = _setCryptoKeys ? masterKey : null;
+                _key = _setCryptoKeys ? key : null;
                TwoFactorProvidersData = response.TwoFactorResponse.TwoFactorProviders2;
                result.TwoFactorProviders = response.TwoFactorResponse.TwoFactorProviders2;
                CaptchaToken = response.TwoFactorResponse.CaptchaToken;
@@ -489,7 +459,6 @@ namespace Bit.Core.Services
                        ForcePasswordResetReason = result.ForcePasswordReset
                            ? ForcePasswordResetReason.AdminForcePasswordReset
                            : (ForcePasswordResetReason?)null,
                        UserDecryptionOptions = tokenResponse.UserDecryptionOptions,
                    },
                    new Account.AccountTokens()
                    {
@@ -501,51 +470,24 @@ namespace Bit.Core.Services
            _messagingService.Send("accountAdded");
            if (_setCryptoKeys)
            {
-                if (localHashedPassword != null)
+                if (key != null)
                {
-                    await _cryptoService.SetMasterKeyHashAsync(localHashedPassword);
+                    await _cryptoService.SetKeyAsync(key);
                    await _cryptoService.SetMasterKeyAsync(masterKey);
                }
-                // Trusted Device
+                if (localHashedPassword != null)
                var decryptOptions = await _stateService.GetAccountDecryptionOptions();
                var hasUserKey = await _cryptoService.HasUserKeyAsync();
                if (decryptOptions?.TrustedDeviceOption != null && !hasUserKey &&
                    decryptOptions.TrustedDeviceOption.EncryptedPrivateKey != null &&
                    decryptOptions.TrustedDeviceOption.EncryptedUserKey != null)
                {
-                    var key = await _deviceTrustCryptoService.DecryptUserKeyWithDeviceKeyAsync(decryptOptions.TrustedDeviceOption.EncryptedPrivateKey,
+                    await _cryptoService.SetKeyHashAsync(localHashedPassword);
                            decryptOptions.TrustedDeviceOption.EncryptedUserKey);
                    if (key != null)
                    {
                        await _cryptoService.SetUserKeyAsync(key);
                    }
                }
                if (code == null || tokenResponse.Key != null)
                {
-                    await _cryptoService.SetMasterKeyEncryptedUserKeyAsync(tokenResponse.Key);
+                    if (tokenResponse.KeyConnectorUrl != null)
                    // Key Connector
                    if (!string.IsNullOrEmpty(tokenResponse.KeyConnectorUrl) || !string.IsNullOrEmpty(decryptOptions?.KeyConnectorOption?.KeyConnectorUrl))
                    {
-                        var url = tokenResponse.KeyConnectorUrl ?? decryptOptions.KeyConnectorOption.KeyConnectorUrl;
+                        await _keyConnectorService.GetAndSetKey(tokenResponse.KeyConnectorUrl);
                        await _keyConnectorService.SetMasterKeyFromUrlAsync(url);
                    }
-                    // Login with Device
+                    await _cryptoService.SetEncKeyAsync(tokenResponse.Key);
                    if (masterKey != null && !string.IsNullOrEmpty(authRequestId))
                    {
                        await _cryptoService.SetMasterKeyAsync(masterKey);
                    }
                    // Decrypt UserKey with MasterKey
                    masterKey ??= await _stateService.GetMasterKeyAsync();
                    if (masterKey != null)
                    {
                        var userKey = await _cryptoService.DecryptUserKeyWithMasterKeyAsync(masterKey);
                        await _cryptoService.SetUserKeyAsync(userKey);
                    }
                    // User doesn't have a key pair yet (old account), let's generate one for them.
                    if (tokenResponse.PrivateKey == null)
@@ -563,20 +505,40 @@ namespace Bit.Core.Services
                        catch { }
                    }
-                    await _cryptoService.SetUserPrivateKeyAsync(tokenResponse.PrivateKey);
+                    await _cryptoService.SetEncPrivateKeyAsync(tokenResponse.PrivateKey);
                }
                else if (tokenResponse.KeyConnectorUrl != null)
                {
-                    // New User has tokenResponse.Key == null
+                    // SSO Key Connector Onboarding
-                    if (tokenResponse.Key == null)
+                    var password = await _cryptoFunctionService.RandomBytesAsync(64);
                    var k = await _cryptoService.MakeKeyAsync(Convert.ToBase64String(password), _tokenService.GetEmail(), tokenResponse.KdfConfig);
                    var keyConnectorRequest = new KeyConnectorUserKeyRequest(k.EncKeyB64);
                    await _cryptoService.SetKeyAsync(k);
                    var encKey = await _cryptoService.MakeEncKeyAsync(k);
                    await _cryptoService.SetEncKeyAsync(encKey.Item2.EncryptedString);
                    var keyPair = await _cryptoService.MakeKeyPairAsync();
                    try
                    {
-                        await _keyConnectorService.ConvertNewUserToKeyConnectorAsync(orgId, tokenResponse);
+                        await _apiService.PostUserKeyToKeyConnector(tokenResponse.KeyConnectorUrl, keyConnectorRequest);
                    }
-                    else
+                    catch (Exception e)
                    {
-                        await _keyConnectorService.SetMasterKeyFromUrlAsync(tokenResponse.KeyConnectorUrl);
+                        throw new Exception("Unable to reach Key Connector", e);
                    }
                    var keys = new KeysRequest
                    {
                        PublicKey = keyPair.Item1,
                        EncryptedPrivateKey = keyPair.Item2.EncryptedString
                    };
                    var setPasswordRequest = new SetKeyConnectorKeyRequest(
                        encKey.Item2.EncryptedString, keys, tokenResponse.KdfConfig, orgId
                    );
                    await _apiService.PostSetKeyConnectorKey(setPasswordRequest);
                }
            }
            _authedUserId = _tokenService.GetUserId();
@@ -587,7 +549,7 @@ namespace Bit.Core.Services
        private void ClearState()
        {
-            _masterKey = null;
+            _key = null;
            Email = null;
            CaptchaToken = null;
            MasterPasswordHash = null;
@@ -613,22 +575,14 @@ namespace Bit.Core.Services
            var activeRequests = requests.Where(r => !r.IsAnswered && !r.IsExpired).OrderByDescending(r => r.CreationDate).ToList();
            return await PopulateFingerprintPhrasesAsync(activeRequests);
        }
        public async Task<PasswordlessLoginResponse> GetPasswordlessLoginRequestByIdAsync(string id)
        {
-            try
+            var response = await _apiService.GetAuthRequestAsync(id);
-            {
+            return await PopulateFingerprintPhraseAsync(response, await _stateService.GetEmailAsync());
                var response = await _apiService.GetAuthRequestAsync(id);
                return await PopulateFingerprintPhraseAsync(response, await _stateService.GetEmailAsync());
            }
            catch (ApiException ex) when (ex.Error?.StatusCode == System.Net.HttpStatusCode.NotFound)
            {
                // Thrown when request expires and purge job erases it from the db
                return null;
            }
        }
-        /// <inheritdoc />
+        public async Task<PasswordlessLoginResponse> GetPasswordlessLoginResponseAsync(string id, string accessCode)
        public async Task<PasswordlessLoginResponse> GetPasswordlessLoginResquestAsync(string id, string accessCode)
        {
            return await _apiService.GetAuthResponseAsync(id, accessCode);
        }
@@ -636,36 +590,15 @@ namespace Bit.Core.Services
        public async Task<PasswordlessLoginResponse> PasswordlessLoginAsync(string id, string pubKey, bool requestApproved)
        {
            var publicKey = CoreHelpers.Base64UrlDecode(pubKey);
-            var masterKey = await _cryptoService.GetMasterKeyAsync();
+            var masterKey = await _cryptoService.GetKeyAsync();
-            byte[] keyToEncrypt = null;
+            var encryptedKey = await _cryptoService.RsaEncryptAsync(masterKey.EncKey, publicKey);
-            EncString encryptedMasterPassword = null;
+            var encryptedMasterPassword = await _cryptoService.RsaEncryptAsync(Encoding.UTF8.GetBytes(await _stateService.GetKeyHashAsync()), publicKey);
            if (masterKey == null)
            {
                var userKey = await _cryptoService.GetUserKeyAsync();
                if (userKey == null)
                {
                    throw new UserAndMasterKeysNullException();
                }
                keyToEncrypt = userKey.Key;
            }
            else
            {
                keyToEncrypt = masterKey.Key;
                var keyHash = await _stateService.GetKeyHashAsync();
                if (!string.IsNullOrEmpty(keyHash))
                {
                    encryptedMasterPassword = await _cryptoService.RsaEncryptAsync(Encoding.UTF8.GetBytes(keyHash), publicKey);
                }
            }
            var encryptedKey = await _cryptoService.RsaEncryptAsync(keyToEncrypt, publicKey);
            var deviceId = await _appIdService.GetAppIdAsync();
-            var response = await _apiService.PutAuthRequestAsync(id, encryptedKey.EncryptedString, encryptedMasterPassword?.EncryptedString, deviceId, requestApproved);
+            var response = await _apiService.PutAuthRequestAsync(id, encryptedKey.EncryptedString, encryptedMasterPassword.EncryptedString, deviceId, requestApproved);
            return await PopulateFingerprintPhraseAsync(response, await _stateService.GetEmailAsync());
        }
-        public async Task<PasswordlessLoginResponse> PasswordlessCreateLoginRequestAsync(string email, AuthRequestType authRequestType)
+        public async Task<PasswordlessLoginResponse> PasswordlessCreateLoginRequestAsync(string email)
        {
            var deviceId = await _appIdService.GetAppIdAsync();
            var keyPair = await _cryptoFunctionService.RsaGenerateKeyPairAsync(2048);
@@ -673,8 +606,8 @@ namespace Bit.Core.Services
            var fingerprintPhrase = string.Join("-", generatedFingerprintPhrase);
            var publicB64 = Convert.ToBase64String(keyPair.Item1);
            var accessCode = await _passwordGenerationService.GeneratePasswordAsync(PasswordGenerationOptions.CreateDefault.WithLength(25));
-            var passwordlessCreateLoginRequest = new PasswordlessCreateLoginRequest(email, publicB64, deviceId, accessCode, authRequestType, fingerprintPhrase);
+            var passwordlessCreateLoginRequest = new PasswordlessCreateLoginRequest(email, publicB64, deviceId, accessCode, AuthRequestType.AuthenticateAndUnlock, fingerprintPhrase);
-            var response = await _apiService.PostCreateRequestAsync(passwordlessCreateLoginRequest, authRequestType);
+            var response = await _apiService.PostCreateRequestAsync(passwordlessCreateLoginRequest);
            if (response != null)
            {
@@ -705,22 +638,5 @@ namespace Bit.Core.Services
            passwordlessLogin.FingerprintPhrase = string.Join("-", await _cryptoService.GetFingerprintAsync(userEmail, CoreHelpers.Base64UrlDecode(passwordlessLogin.PublicKey)));
            return passwordlessLogin;
        }
        public async Task CreateNewSsoUserAsync(string organizationSsoId)
        {
            var orgAutoEnrollStatusResponse = await _apiService.GetOrganizationAutoEnrollStatusAsync(organizationSsoId);
            var randomBytes = _cryptoFunctionService.RandomBytes(64);
            var userKey = new UserKey(randomBytes);
            var (userPubKey, userPrivKey) = await _cryptoService.MakeKeyPairAsync(userKey);
            await _apiService.PostAccountKeysAsync(new KeysRequest
            {
                PublicKey = userPubKey,
                EncryptedPrivateKey = userPrivKey.EncryptedString
            });
            await _stateService.SetUserKeyAsync(userKey);
            await _stateService.SetPrivateKeyEncryptedAsync(userPrivKey.EncryptedString);
            await _passwordResetEnrollmentService.EnrollAsync(orgAutoEnrollStatusResponse.Id);
        }
    }
 }
--- a/src/Core/Services/CipherService.cs
+++ b/src/Core/Services/CipherService.cs
@@ -250,7 +250,8 @@ namespace Bit.Core.Services
            {
                try
                {
-                    if (!await _cryptoService.HasUserKeyAsync())
+                    var hashKey = await _cryptoService.HasKeyAsync();
                    if (!hashKey)
                    {
                        throw new Exception("No key.");
                    }
@@ -590,9 +591,9 @@ namespace Bit.Core.Services
        public async Task<Cipher> SaveAttachmentRawWithServerAsync(Cipher cipher, string filename, byte[] data)
        {
-            var (attachmentKey, protectedAttachmentKey, encKey) = await MakeAttachmentKeyAsync(cipher.OrganizationId);
+            var orgKey = await _cryptoService.GetOrgKeyAsync(cipher.OrganizationId);
-
+            var encFileName = await _cryptoService.EncryptAsync(filename, orgKey);
-            var encFileName = await _cryptoService.EncryptAsync(filename, encKey);
+            var (attachmentKey, orgEncAttachmentKey) = await _cryptoService.MakeEncKeyAsync(orgKey);
            var encFileData = await _cryptoService.EncryptToBytesAsync(data, attachmentKey);
            CipherResponse response;
@@ -600,7 +601,7 @@ namespace Bit.Core.Services
            {
                var request = new AttachmentRequest
                {
-                    Key = protectedAttachmentKey.EncryptedString,
+                    Key = orgEncAttachmentKey.EncryptedString,
                    FileName = encFileName.EncryptedString,
                    FileSize = encFileData.Buffer.Length,
                };
@@ -611,7 +612,7 @@ namespace Bit.Core.Services
            }
            catch (ApiException e) when (e.Error.StatusCode == System.Net.HttpStatusCode.NotFound || e.Error.StatusCode == System.Net.HttpStatusCode.MethodNotAllowed)
            {
-                response = await LegacyServerAttachmentFileUploadAsync(cipher.Id, encFileName, encFileData, protectedAttachmentKey);
+                response = await LegacyServerAttachmentFileUploadAsync(cipher.Id, encFileName, encFileData, orgEncAttachmentKey);
            }
            var userId = await _stateService.GetActiveUserIdAsync();
@@ -829,14 +830,6 @@ namespace Bit.Core.Services
        // Helpers
        private async Task<Tuple<SymmetricCryptoKey, EncString, SymmetricCryptoKey>> MakeAttachmentKeyAsync(string organizationId)
        {
            var encryptionKey = await _cryptoService.GetOrgKeyAsync(organizationId)
                ?? (SymmetricCryptoKey)await _cryptoService.GetUserKeyWithLegacySupportAsync();
            var (attachmentKey, protectedAttachmentKey) = await _cryptoService.MakeDataEncKeyAsync(encryptionKey);
            return new Tuple<SymmetricCryptoKey, EncString, SymmetricCryptoKey>(attachmentKey, protectedAttachmentKey, encryptionKey);
        }
        private async Task ShareAttachmentWithServerAsync(AttachmentView attachmentView, string cipherId,
            string organizationId)
        {
@@ -848,16 +841,14 @@ namespace Bit.Core.Services
            var bytes = await attachmentResponse.Content.ReadAsByteArrayAsync();
            var decBytes = await _cryptoService.DecryptFromBytesAsync(bytes, null);
-
+            var key = await _cryptoService.GetOrgKeyAsync(organizationId);
-            var (attachmentKey, protectedAttachmentKey, encKey) = await MakeAttachmentKeyAsync(organizationId);
+            var encFileName = await _cryptoService.EncryptAsync(attachmentView.FileName, key);
-
+            var dataEncKey = await _cryptoService.MakeEncKeyAsync(key);
-            var encFileName = await _cryptoService.EncryptAsync(attachmentView.FileName, encKey);
+            var encData = await _cryptoService.EncryptToBytesAsync(decBytes, dataEncKey.Item1);
            var encFileData = await _cryptoService.EncryptToBytesAsync(decBytes, attachmentKey);
            var boundary = string.Concat("--BWMobileFormBoundary", DateTime.UtcNow.Ticks);
            var fd = new MultipartFormDataContent(boundary);
-            fd.Add(new StringContent(protectedAttachmentKey.EncryptedString), "key");
+            fd.Add(new StringContent(dataEncKey.Item2.EncryptedString), "key");
-            fd.Add(new StreamContent(new MemoryStream(encFileData.Buffer)), "data", encFileName.EncryptedString);
+            fd.Add(new StreamContent(new MemoryStream(encData.Buffer)), "data", encFileName.EncryptedString);
            await _apiService.PostShareCipherAttachmentAsync(cipherId, attachmentView.Id, fd, organizationId);
        }
--- a/src/Core/Services/CollectionService.cs
+++ b/src/Core/Services/CollectionService.cs
@@ -101,7 +101,7 @@ namespace Bit.Core.Services
            {
                return _decryptedCollectionCache;
            }
-            var hasKey = await _cryptoService.HasUserKeyAsync();
+            var hasKey = await _cryptoService.HasKeyAsync();
            if (!hasKey)
            {
                throw new Exception("No key.");
--- a/src/Core/Services/CryptoService.cs
+++ b/src/Core/Services/CryptoService.cs
--- a/src/Core/Services/DeviceTrustCryptoService.cs
+++ b/src/Core/Services/DeviceTrustCryptoService.cs
@@ -1,134 +0,0 @@
 using System;
 using System.Threading.Tasks;
 using Bit.Core.Abstractions;
 using Bit.Core.Models.Domain;
 using Bit.Core.Models.Request;
 namespace Bit.Core.Services
 {
    public class DeviceTrustCryptoService : IDeviceTrustCryptoService
    {
        private readonly IApiService _apiService;
        private readonly IAppIdService _appIdService;
        private readonly ICryptoFunctionService _cryptoFunctionService;
        private readonly ICryptoService _cryptoService;
        private readonly IStateService _stateService;
        private const int DEVICE_KEY_SIZE = 64;
        public DeviceTrustCryptoService(
            IApiService apiService,
            IAppIdService appIdService,
            ICryptoFunctionService cryptoFunctionService,
            ICryptoService cryptoService,
            IStateService stateService)
        {
            _apiService = apiService;
            _appIdService = appIdService;
            _cryptoFunctionService = cryptoFunctionService;
            _cryptoService = cryptoService;
            _stateService = stateService;
        }
        public async Task<SymmetricCryptoKey> GetDeviceKeyAsync()
        {
            return await _stateService.GetDeviceKeyAsync();
        }
        private async Task SetDeviceKeyAsync(SymmetricCryptoKey deviceKey)
        {
            await _stateService.SetDeviceKeyAsync(deviceKey);
        }
        public async Task RemoveTrustedDeviceAsync()
        {
            await SetDeviceKeyAsync(null);
        }
        public async Task<DeviceResponse> TrustDeviceAsync()
        {
            // Attempt to get user key
            var userKey = await _cryptoService.GetUserKeyAsync();
            if (userKey == null)
            {
                return null;
            }
            // Generate deviceKey
            var deviceKey = await MakeDeviceKeyAsync();
            // Generate asymmetric RSA key pair: devicePrivateKey, devicePublicKey
            var (devicePublicKey, devicePrivateKey) = await _cryptoFunctionService.RsaGenerateKeyPairAsync(2048);
            // Send encrypted keys to server
            var deviceIdentifier = await _appIdService.GetAppIdAsync();
            var deviceRequest = new TrustedDeviceKeysRequest
            {
                EncryptedUserKey = (await _cryptoService.RsaEncryptAsync(userKey.Key, devicePublicKey)).EncryptedString,
                EncryptedPublicKey = (await _cryptoService.EncryptAsync(devicePublicKey, userKey)).EncryptedString,
                EncryptedPrivateKey = (await _cryptoService.EncryptAsync(devicePrivateKey, deviceKey)).EncryptedString,
            };
            var deviceResponse = await _apiService.UpdateTrustedDeviceKeysAsync(deviceIdentifier, deviceRequest);
            // Store device key if successful
            await SetDeviceKeyAsync(deviceKey);
            return deviceResponse;
        }
        private async Task<SymmetricCryptoKey> MakeDeviceKeyAsync()
        {
            // Create 512-bit device key
            var randomBytes = await _cryptoFunctionService.RandomBytesAsync(DEVICE_KEY_SIZE);
            return new SymmetricCryptoKey(randomBytes);
        }
        public async Task<bool> GetShouldTrustDeviceAsync()
        {
            return await _stateService.GetShouldTrustDeviceAsync();
        }
        public async Task SetShouldTrustDeviceAsync(bool value)
        {
            await _stateService.SetShouldTrustDeviceAsync(value);
        }
        public async Task<DeviceResponse> TrustDeviceIfNeededAsync()
        {
            if (!await GetShouldTrustDeviceAsync())
            {
                return null;
            }
            var response = await TrustDeviceAsync();
            await SetShouldTrustDeviceAsync(false);
            return response;
        }
        public async Task<bool> IsDeviceTrustedAsync()
        {
            var existingDeviceKey = await GetDeviceKeyAsync();
            return existingDeviceKey != null;
        }
        public async Task<UserKey> DecryptUserKeyWithDeviceKeyAsync(string encryptedDevicePrivateKey, string encryptedUserKey)
        {
            var existingDeviceKey = await GetDeviceKeyAsync();
            if (existingDeviceKey == null)
            {
                // User doesn't have a device key anymore so device is untrusted
                return null;
            }
            // Attempt to decrypt encryptedDevicePrivateKey with device key
            var devicePrivateKeyBytes = await _cryptoService.DecryptToBytesAsync(
              new EncString(encryptedDevicePrivateKey),
              existingDeviceKey
            );
            // Attempt to decrypt encryptedUserDataKey with devicePrivateKey
            var userKeyBytes = await _cryptoService.RsaDecryptAsync(encryptedUserKey, devicePrivateKeyBytes);
            return new UserKey(userKeyBytes);
        }
    }
 }
--- a/src/Core/Services/FolderService.cs
+++ b/src/Core/Services/FolderService.cs
@@ -77,7 +77,7 @@ namespace Bit.Core.Services
            {
                return _decryptedFolderCache;
            }
-            var hasKey = await _cryptoService.HasUserKeyAsync();
+            var hasKey = await _cryptoService.HasKeyAsync();
            if (!hasKey)
            {
                throw new Exception("No key.");
--- a/src/Core/Services/KeyConnectorService.cs
+++ b/src/Core/Services/KeyConnectorService.cs
@@ -3,7 +3,6 @@ using System.Threading.Tasks;
 using Bit.Core.Abstractions;
 using Bit.Core.Models.Domain;
 using Bit.Core.Models.Request;
 using Bit.Core.Models.Response;
 namespace Bit.Core.Services
 {
@@ -13,28 +12,26 @@ namespace Bit.Core.Services
        private readonly ICryptoService _cryptoService;
        private readonly ITokenService _tokenService;
        private readonly IApiService _apiService;
        private readonly ICryptoFunctionService _cryptoFunctionService;
        private readonly IOrganizationService _organizationService;
        public KeyConnectorService(IStateService stateService, ICryptoService cryptoService,
-            ITokenService tokenService, IApiService apiService, ICryptoFunctionService cryptoFunctionService, OrganizationService organizationService)
+            ITokenService tokenService, IApiService apiService, OrganizationService organizationService)
        {
            _stateService = stateService;
            _cryptoService = cryptoService;
            _tokenService = tokenService;
            _apiService = apiService;
            _cryptoFunctionService = cryptoFunctionService;
            _organizationService = organizationService;
        }
-        public async Task SetMasterKeyFromUrlAsync(string url)
+        public async Task GetAndSetKey(string url)
        {
            try
            {
-                var masterKeyResponse = await _apiService.GetMasterKeyFromKeyConnectorAsync(url);
+                var userKeyResponse = await _apiService.GetUserKeyFromKeyConnector(url);
-                var masterKeyBytes = Convert.FromBase64String(masterKeyResponse.Key);
+                var keyArr = Convert.FromBase64String(userKeyResponse.Key);
-                var masterKey = new MasterKey(masterKeyBytes);
+                var k = new SymmetricCryptoKey(keyArr);
-                await _cryptoService.SetMasterKeyAsync(masterKey);
+                await _cryptoService.SetKeyAsync(k);
            }
            catch (Exception e)
            {
@@ -42,17 +39,17 @@ namespace Bit.Core.Services
            }
        }
-        public async Task SetUsesKeyConnectorAsync(bool usesKeyConnector)
+        public async Task SetUsesKeyConnector(bool usesKeyConnector)
        {
            await _stateService.SetUsesKeyConnectorAsync(usesKeyConnector);
        }
-        public async Task<bool> GetUsesKeyConnectorAsync()
+        public async Task<bool> GetUsesKeyConnector()
        {
            return await _stateService.GetUsesKeyConnectorAsync();
        }
-        public async Task<Organization> GetManagingOrganizationAsync()
+        public async Task<Organization> GetManagingOrganization()
        {
            var orgs = await _organizationService.GetAllAsync();
            return orgs.Find(o =>
@@ -60,14 +57,14 @@ namespace Bit.Core.Services
                !o.IsAdmin);
        }
-        public async Task MigrateUserAsync()
+        public async Task MigrateUser()
        {
-            var organization = await GetManagingOrganizationAsync();
+            var organization = await GetManagingOrganization();
-            var masterKey = await _cryptoService.GetMasterKeyAsync();
+            var key = await _cryptoService.GetKeyAsync();
            try
            {
-                var keyConnectorRequest = new KeyConnectorUserKeyRequest(masterKey.EncKeyB64);
+                var keyConnectorRequest = new KeyConnectorUserKeyRequest(key.EncKeyB64);
                await _apiService.PostUserKeyToKeyConnector(organization.KeyConnectorUrl, keyConnectorRequest);
            }
            catch (Exception e)
@@ -78,46 +75,13 @@ namespace Bit.Core.Services
            await _apiService.PostConvertToKeyConnector();
        }
-        public async Task<bool> UserNeedsMigrationAsync()
+        public async Task<bool> UserNeedsMigration()
        {
            var loggedInUsingSso = await _tokenService.GetIsExternal();
-            var requiredByOrganization = await GetManagingOrganizationAsync() != null;
+            var requiredByOrganization = await GetManagingOrganization() != null;
-            var userIsNotUsingKeyConnector = !await GetUsesKeyConnectorAsync();
+            var userIsNotUsingKeyConnector = !await GetUsesKeyConnector();
            return loggedInUsingSso && requiredByOrganization && userIsNotUsingKeyConnector;
        }
        public async Task ConvertNewUserToKeyConnectorAsync(string orgId, IdentityTokenResponse tokenResponse)
        {
            // SSO Key Connector Onboarding
            var password = await _cryptoFunctionService.RandomBytesAsync(64);
            var newMasterKey = await _cryptoService.MakeMasterKeyAsync(Convert.ToBase64String(password), _tokenService.GetEmail(), tokenResponse.KdfConfig);
            var keyConnectorRequest = new KeyConnectorUserKeyRequest(newMasterKey.EncKeyB64);
            await _cryptoService.SetMasterKeyAsync(newMasterKey);
            var (newUserKey, newProtectedUserKey) = await _cryptoService.EncryptUserKeyWithMasterKeyAsync(newMasterKey);
            await _cryptoService.SetUserKeyAsync(newUserKey);
            try
            {
                await _apiService.PostUserKeyToKeyConnector(tokenResponse.KeyConnectorUrl, keyConnectorRequest);
            }
            catch (Exception e)
            {
                throw new Exception("Unable to reach Key Connector", e);
            }
            var (newPublicKey, newProtectedPrivateKey) = await _cryptoService.MakeKeyPairAsync();
            var keys = new KeysRequest
            {
                PublicKey = newPublicKey,
                EncryptedPrivateKey = newProtectedPrivateKey.EncryptedString
            };
            var setPasswordRequest = new SetKeyConnectorKeyRequest(
                newProtectedPrivateKey.EncryptedString, keys, tokenResponse.KdfConfig, orgId
            );
            await _apiService.PostSetKeyConnectorKey(setPasswordRequest);
        }
    }
 }
--- a/src/Core/Services/PasswordGenerationService.cs
+++ b/src/Core/Services/PasswordGenerationService.cs
@@ -247,7 +247,7 @@ namespace Bit.Core.Services
        public async Task<List<GeneratedPasswordHistory>> GetHistoryAsync()
        {
-            var hasKey = await _cryptoService.HasUserKeyAsync();
+            var hasKey = await _cryptoService.HasKeyAsync();
            if (!hasKey)
            {
                return new List<GeneratedPasswordHistory>();
@@ -262,7 +262,7 @@ namespace Bit.Core.Services
        public async Task AddHistoryAsync(string password, CancellationToken token = default(CancellationToken))
        {
-            var hasKey = await _cryptoService.HasUserKeyAsync();
+            var hasKey = await _cryptoService.HasKeyAsync();
            if (!hasKey)
            {
                return;
--- a/src/Core/Services/PasswordResetEnrollmentService.cs
+++ b/src/Core/Services/PasswordResetEnrollmentService.cs
@@ -1,62 +0,0 @@
 using System;
 using System.Threading.Tasks;
 using Bit.Core.Abstractions;
 using Bit.Core.Models.Domain;
 using Bit.Core.Models.Request;
 using Bit.Core.Utilities;
 namespace Bit.Core.Services
 {
    public class PasswordResetEnrollmentService : IPasswordResetEnrollmentService
    {
        private readonly IApiService _apiService;
        private readonly ICryptoService _cryptoService;
        private readonly IOrganizationService _organizationService;
        private readonly IStateService _stateService;
        public PasswordResetEnrollmentService(IApiService apiService,
            ICryptoService cryptoService,
            IOrganizationService organizationService,
            IStateService stateService)
        {
            _apiService = apiService;
            _cryptoService = cryptoService;
            _organizationService = organizationService;
            _stateService = stateService;
        }
        public async Task EnrollIfRequiredAsync(string organizationSsoId)
        {
            var orgAutoEnrollStatusResponse = await _apiService.GetOrganizationAutoEnrollStatusAsync(organizationSsoId);
            if (!orgAutoEnrollStatusResponse?.ResetPasswordEnabled ?? false)
            {
                await EnrollAsync(orgAutoEnrollStatusResponse.Id);
            }
        }
        public async Task EnrollAsync(string organizationId)
        {
            var orgKeyResponse = await _apiService.GetOrganizationKeysAsync(organizationId);
            if (orgKeyResponse == null)
            {
                throw new Exception("Organization keys missing");
            }
            var userId = await _stateService.GetActiveUserIdAsync();
            var userKey = await _cryptoService.GetUserKeyAsync();
            var orgPublicKey = CoreHelpers.Base64UrlDecode(orgKeyResponse.PublicKey);
            var encryptedKey = await _cryptoService.RsaEncryptAsync(userKey.Key, orgPublicKey);
            var resetRequest = new OrganizationUserResetPasswordEnrollmentRequest();
            resetRequest.ResetPasswordKey = encryptedKey.EncryptedString;
            await _apiService.PutOrganizationUserResetPasswordEnrollmentAsync(
              organizationId,
              userId,
              resetRequest
            );
        }
    }
 }
--- a/src/Core/Services/SendService.cs
+++ b/src/Core/Services/SendService.cs
@@ -143,7 +143,7 @@ namespace Bit.Core.Services
                return _decryptedSendsCache;
            }
-            var hasKey = await _cryptoService.HasUserKeyAsync();
+            var hasKey = await _cryptoService.HasKeyAsync();
            if (!hasKey)
            {
                throw new Exception("No Key.");
--- a/src/Core/Services/StateService.cs
+++ b/src/Core/Services/StateService.cs
@@ -241,19 +241,6 @@ namespace Bit.Core.Services
            ))?.Settings?.EnvironmentUrls;
        }
        public async Task<UserKey> GetUserKeyBiometricUnlockAsync(string userId = null)
        {
            var keyB64 = await _storageMediatorService.GetAsync<string>(
                await ComposeKeyAsync(Constants.UserKeyBiometricUnlockKey, userId), true);
            return keyB64 == null ? null : new UserKey(Convert.FromBase64String(keyB64));
        }
        public async Task SetUserKeyBiometricUnlockAsync(UserKey value, string userId = null)
        {
            await _storageMediatorService.SaveAsync(
                await ComposeKeyAsync(Constants.UserKeyBiometricUnlockKey, userId), value?.KeyB64, true);
        }
        public async Task<bool?> GetBiometricUnlockAsync(string userId = null)
        {
            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
@@ -315,70 +302,12 @@ namespace Bit.Core.Services
                true, reconciledOptions);
        }
        public async Task<UserKey> GetUserKeyAsync(string userId = null)
        {
            return (await GetAccountAsync(
                ReconcileOptions(new StorageOptions { UserId = userId }, await GetDefaultInMemoryOptionsAsync())
            ))?.VolatileData?.UserKey;
        }
        public async Task SetUserKeyAsync(UserKey value, string userId = null)
        {
            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
                await GetDefaultInMemoryOptionsAsync());
            var account = await GetAccountAsync(reconciledOptions);
            account.VolatileData.UserKey = value;
            await SaveAccountAsync(account, reconciledOptions);
        }
        public async Task<MasterKey> GetMasterKeyAsync(string userId = null)
        {
            return (await GetAccountAsync(
                ReconcileOptions(new StorageOptions { UserId = userId }, await GetDefaultInMemoryOptionsAsync())
            ))?.VolatileData?.MasterKey;
        }
        public async Task SetMasterKeyAsync(MasterKey value, string userId = null)
        {
            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
                await GetDefaultInMemoryOptionsAsync());
            var account = await GetAccountAsync(reconciledOptions);
            account.VolatileData.MasterKey = value;
            await SaveAccountAsync(account, reconciledOptions);
        }
        public async Task<string> GetMasterKeyEncryptedUserKeyAsync(string userId = null)
        {
            return await _storageMediatorService.GetAsync<string>(
                await ComposeKeyAsync(Constants.MasterKeyEncryptedUserKeyKey, userId), false);
        }
        public async Task SetMasterKeyEncryptedUserKeyAsync(string value, string userId = null)
        {
            await _storageMediatorService.SaveAsync(
                await ComposeKeyAsync(Constants.MasterKeyEncryptedUserKeyKey, userId), value, false);
        }
        public async Task<UserKey> GetUserKeyAutoUnlockAsync(string userId = null)
        {
            var keyB64 = await _storageMediatorService.GetAsync<string>(
                await ComposeKeyAsync(Constants.UserKeyAutoUnlockKey, userId), true);
            return keyB64 == null ? null : new UserKey(Convert.FromBase64String(keyB64));
        }
        public async Task SetUserKeyAutoUnlockAsync(UserKey value, string userId = null)
        {
            await _storageMediatorService.SaveAsync(
                await ComposeKeyAsync(Constants.UserKeyAutoUnlockKey, userId), value?.KeyB64, true);
        }
        public async Task<bool> CanAccessPremiumAsync(string userId = null)
        {
            if (userId == null)
            {
                userId = await GetActiveUserIdAsync();
            }
            if (!await IsAuthenticatedAsync(userId))
            {
                return false;
@@ -424,36 +353,36 @@ namespace Bit.Core.Services
            await SetValueAsync(Constants.ProtectedPinKey(reconciledOptions.UserId), value, reconciledOptions);
        }
-        public async Task<EncString> GetPinKeyEncryptedUserKeyAsync(string userId = null)
+        public async Task<string> GetPinProtectedAsync(string userId = null)
        {
-            var key = await _storageMediatorService.GetAsync<string>(
+            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
-                await ComposeKeyAsync(Constants.PinKeyEncryptedUserKeyKey, userId), false);
+                await GetDefaultStorageOptionsAsync());
-            return key != null ? new EncString(key) : null;
+            return await GetValueAsync<string>(Constants.PinProtectedKey(reconciledOptions.UserId), reconciledOptions);
        }
-        public async Task SetPinKeyEncryptedUserKeyAsync(EncString value, string userId = null)
+        public async Task SetPinProtectedAsync(string value, string userId = null)
        {
-            await _storageMediatorService.SaveAsync(
+            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
-                await ComposeKeyAsync(Constants.PinKeyEncryptedUserKeyKey, userId), value?.EncryptedString, false);
+                await GetDefaultStorageOptionsAsync());
            await SetValueAsync(Constants.PinProtectedKey(reconciledOptions.UserId), value, reconciledOptions);
        }
-        public async Task<EncString> GetPinKeyEncryptedUserKeyEphemeralAsync(string userId = null)
+        public async Task<EncString> GetPinProtectedKeyAsync(string userId = null)
        {
            return (await GetAccountAsync(
                ReconcileOptions(new StorageOptions { UserId = userId }, await GetDefaultInMemoryOptionsAsync())
-            ))?.VolatileData?.PinKeyEncryptedUserKeyEphemeral;
+            ))?.VolatileData?.PinProtectedKey;
        }
-        public async Task SetPinKeyEncryptedUserKeyEphemeralAsync(EncString value, string userId = null)
+        public async Task SetPinProtectedKeyAsync(EncString value, string userId = null)
        {
            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
                await GetDefaultInMemoryOptionsAsync());
            var account = await GetAccountAsync(reconciledOptions);
-            account.VolatileData.PinKeyEncryptedUserKeyEphemeral = value;
+            account.VolatileData.PinProtectedKey = value;
            await SaveAccountAsync(account, reconciledOptions);
        }
        public async Task SetKdfConfigurationAsync(KdfConfig config, string userId = null)
        {
            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
@@ -466,6 +395,35 @@ namespace Bit.Core.Services
            await SaveAccountAsync(account, reconciledOptions);
        }
        public async Task<string> GetKeyEncryptedAsync(string userId = null)
        {
            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
                await GetDefaultSecureStorageOptionsAsync());
            return await GetValueAsync<string>(Constants.KeyKey(reconciledOptions.UserId), reconciledOptions);
        }
        public async Task SetKeyEncryptedAsync(string value, string userId)
        {
            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
                await GetDefaultSecureStorageOptionsAsync());
            await SetValueAsync(Constants.KeyKey(reconciledOptions.UserId), value, reconciledOptions);
        }
        public async Task<SymmetricCryptoKey> GetKeyDecryptedAsync(string userId = null)
        {
            return (await GetAccountAsync(
                ReconcileOptions(new StorageOptions { UserId = userId }, await GetDefaultInMemoryOptionsAsync())
            ))?.VolatileData?.Key;
        }
        public async Task SetKeyDecryptedAsync(SymmetricCryptoKey value, string userId = null)
        {
            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
                await GetDefaultInMemoryOptionsAsync());
            var account = await GetAccountAsync(reconciledOptions);
            account.VolatileData.Key = value;
            await SaveAccountAsync(account, reconciledOptions);
        }
        public async Task<string> GetKeyHashAsync(string userId = null)
        {
@@ -481,6 +439,19 @@ namespace Bit.Core.Services
            await SetValueAsync(Constants.KeyHashKey(reconciledOptions.UserId), value, reconciledOptions);
        }
        public async Task<string> GetEncKeyEncryptedAsync(string userId = null)
        {
            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
                await GetDefaultStorageOptionsAsync());
            return await GetValueAsync<string>(Constants.EncKeyKey(reconciledOptions.UserId), reconciledOptions);
        }
        public async Task SetEncKeyEncryptedAsync(string value, string userId)
        {
            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
                await GetDefaultStorageOptionsAsync());
            await SetValueAsync(Constants.EncKeyKey(reconciledOptions.UserId), value, reconciledOptions);
        }
        public async Task<Dictionary<string, string>> GetOrgKeysEncryptedAsync(string userId = null)
        {
@@ -511,25 +482,6 @@ namespace Bit.Core.Services
            await SetValueAsync(Constants.EncPrivateKeyKey(reconciledOptions.UserId), value, reconciledOptions);
        }
        public async Task<SymmetricCryptoKey> GetDeviceKeyAsync(string userId = null)
        {
            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
                await GetDefaultStorageOptionsAsync());
            var deviceKeyB64 = await _storageMediatorService.GetAsync<string>(Constants.DeviceKeyKey(reconciledOptions.UserId), true);
            if (string.IsNullOrEmpty(deviceKeyB64))
            {
                return null;
            }
            return new SymmetricCryptoKey(Convert.FromBase64String(deviceKeyB64));
        }
        public async Task SetDeviceKeyAsync(SymmetricCryptoKey value, string userId = null)
        {
            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
                await GetDefaultStorageOptionsAsync());
            await _storageMediatorService.SaveAsync(Constants.DeviceKeyKey(reconciledOptions.UserId), value?.KeyB64, true);
        }
        public async Task<List<string>> GetAutofillBlacklistedUrisAsync(string userId = null)
        {
            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
@@ -1328,42 +1280,6 @@ namespace Bit.Core.Services
            await SetValueAsync(Constants.PreLoginEmailKey, value, options);
        }
        public async Task<AccountDecryptionOptions> GetAccountDecryptionOptions(string userId = null)
        {
            return (await GetAccountAsync(
                ReconcileOptions(new StorageOptions { UserId = userId }, await GetDefaultStorageOptionsAsync())
            ))?.Profile?.UserDecryptionOptions;
        }
        public async Task<bool> GetShouldTrustDeviceAsync()
        {
            return await _storageMediatorService.GetAsync<bool>(Constants.ShouldTrustDevice);
        }
        public async Task SetShouldTrustDeviceAsync(bool value)
        {
            await _storageMediatorService.SaveAsync(Constants.ShouldTrustDevice, value);
        }
        public async Task<PendingAdminAuthRequest> GetPendingAdminAuthRequestAsync(string userId = null)
        {
            try
            {
                // GetAsync will throw an ArgumentException exception if there isn't a value to deserialize 
                return await _storageMediatorService.GetAsync<PendingAdminAuthRequest>(await ComposeKeyAsync(Constants.PendingAdminAuthRequest, userId), true);
            }
            catch (ArgumentException)
            {
                return null;
            }
        }
        public async Task SetPendingAdminAuthRequestAsync(PendingAdminAuthRequest value, string userId = null)
        {
            await _storageMediatorService.SaveAsync(await ComposeKeyAsync(Constants.PendingAdminAuthRequest, userId), value, true);
        }
        public ConfigResponse GetConfigs()
        {
            return _storageMediatorService.Get<ConfigResponse>(Constants.ConfigsKey);
@@ -1531,31 +1447,28 @@ namespace Bit.Core.Services
            }
            // Non-state storage
-            await Task.WhenAll(
+            await SetProtectedPinAsync(null, userId);
-                SetUserKeyAutoUnlockAsync(null, userId),
+            await SetPinProtectedAsync(null, userId);
-                SetUserKeyBiometricUnlockAsync(null, userId),
+            await SetKeyEncryptedAsync(null, userId);
-                SetProtectedPinAsync(null, userId),
+            await SetKeyHashAsync(null, userId);
-                SetKeyHashAsync(null, userId),
+            await SetEncKeyEncryptedAsync(null, userId);
-                SetOrgKeysEncryptedAsync(null, userId),
+            await SetOrgKeysEncryptedAsync(null, userId);
-                SetPrivateKeyEncryptedAsync(null, userId),
+            await SetPrivateKeyEncryptedAsync(null, userId);
-                SetLastActiveTimeAsync(null, userId),
+            await SetLastActiveTimeAsync(null, userId);
-                SetPreviousPageInfoAsync(null, userId),
+            await SetPreviousPageInfoAsync(null, userId);
-                SetInvalidUnlockAttemptsAsync(null, userId),
+            await SetInvalidUnlockAttemptsAsync(null, userId);
-                SetLocalDataAsync(null, userId),
+            await SetLocalDataAsync(null, userId);
-                SetEncryptedCiphersAsync(null, userId),
+            await SetEncryptedCiphersAsync(null, userId);
-                SetEncryptedCollectionsAsync(null, userId),
+            await SetEncryptedCollectionsAsync(null, userId);
-                SetLastSyncAsync(null, userId),
+            await SetLastSyncAsync(null, userId);
-                SetEncryptedFoldersAsync(null, userId),
+            await SetEncryptedFoldersAsync(null, userId);
-                SetEncryptedPoliciesAsync(null, userId),
+            await SetEncryptedPoliciesAsync(null, userId);
-                SetUsesKeyConnectorAsync(null, userId),
+            await SetUsesKeyConnectorAsync(null, userId);
-                SetOrganizationsAsync(null, userId),
+            await SetOrganizationsAsync(null, userId);
-                SetEncryptedPasswordGenerationHistoryAsync(null, userId),
+            await SetEncryptedPasswordGenerationHistoryAsync(null, userId);
-                SetEncryptedSendsAsync(null, userId),
+            await SetEncryptedSendsAsync(null, userId);
-                SetSettingsAsync(null, userId),
+            await SetSettingsAsync(null, userId);
-                SetApprovePasswordlessLoginsAsync(null, userId),
+            await SetApprovePasswordlessLoginsAsync(null, userId);
                SetEncKeyEncryptedAsync(null, userId),
                SetKeyEncryptedAsync(null, userId),
                SetPinProtectedAsync(null, userId));
        }
        private async Task ScaffoldNewAccountAsync(Account account)
@@ -1743,79 +1656,5 @@ namespace Bit.Core.Services
            await SetValueAsync(Constants.LastUserShouldConnectToWatchKey,
                shouldConnect ?? await GetShouldConnectToWatchAsync(), await GetDefaultStorageOptionsAsync());
        }
        [Obsolete("Use GetPinKeyEncryptedUserKeyAsync instead, left for migration purposes")]
        public async Task<string> GetPinProtectedAsync(string userId = null)
        {
            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
                await GetDefaultStorageOptionsAsync());
            return await GetValueAsync<string>(Constants.PinProtectedKey(reconciledOptions.UserId), reconciledOptions);
        }
        [Obsolete("Use SetPinKeyEncryptedUserKeyAsync instead")]
        public async Task SetPinProtectedAsync(string value, string userId = null)
        {
            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
                await GetDefaultStorageOptionsAsync());
            await SetValueAsync(Constants.PinProtectedKey(reconciledOptions.UserId), value, reconciledOptions);
        }
        [Obsolete("Use GetPinKeyEncryptedUserKeyEphemeralAsync instead, left for migration purposes")]
        public async Task<EncString> GetPinProtectedKeyAsync(string userId = null)
        {
            return (await GetAccountAsync(
                ReconcileOptions(new StorageOptions { UserId = userId }, await GetDefaultInMemoryOptionsAsync())
            ))?.VolatileData?.PinProtectedKey;
        }
        [Obsolete("Use SetPinKeyEncryptedUserKeyEphemeralAsync instead")]
        public async Task SetPinProtectedKeyAsync(EncString value, string userId = null)
        {
            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
                await GetDefaultInMemoryOptionsAsync());
            var account = await GetAccountAsync(reconciledOptions);
            account.VolatileData.PinProtectedKey = value;
            await SaveAccountAsync(account, reconciledOptions);
        }
        [Obsolete("Use GetMasterKeyEncryptedUserKeyAsync instead, left for migration purposes")]
        public async Task<string> GetEncKeyEncryptedAsync(string userId = null)
        {
            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
                await GetDefaultStorageOptionsAsync());
            return await GetValueAsync<string>(Constants.EncKeyKey(reconciledOptions.UserId), reconciledOptions);
        }
        [Obsolete("Use SetMasterKeyEncryptedUserKeyAsync instead, left for migration purposes")]
        public async Task SetEncKeyEncryptedAsync(string value, string userId)
        {
            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
                await GetDefaultStorageOptionsAsync());
            await SetValueAsync(Constants.EncKeyKey(reconciledOptions.UserId), value, reconciledOptions);
        }
        [Obsolete("Left for migration purposes")]
        public async Task SetKeyEncryptedAsync(string value, string userId)
        {
            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
                await GetDefaultSecureStorageOptionsAsync());
            await SetValueAsync(Constants.KeyKey(reconciledOptions.UserId), value, reconciledOptions);
        }
        [Obsolete("Use GetUserKeyAutoUnlock instead, left for migration purposes")]
        public async Task<string> GetKeyEncryptedAsync(string userId = null)
        {
            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
                await GetDefaultSecureStorageOptionsAsync());
            return await GetValueAsync<string>(Constants.KeyKey(reconciledOptions.UserId), reconciledOptions);
        }
        [Obsolete("Use GetMasterKeyAsync instead, left for migration purposes")]
        public async Task<SymmetricCryptoKey> GetKeyDecryptedAsync(string userId = null)
        {
            return (await GetAccountAsync(
                ReconcileOptions(new StorageOptions { UserId = userId }, await GetDefaultInMemoryOptionsAsync())
            ))?.VolatileData?.Key;
        }
    }
 }
--- a/src/Core/Services/SyncService.cs
+++ b/src/Core/Services/SyncService.cs
@@ -327,8 +327,8 @@ namespace Bit.Core.Services
                }
                return;
            }
-            await _cryptoService.SetMasterKeyEncryptedUserKeyAsync(response.Key);
+            await _cryptoService.SetEncKeyAsync(response.Key);
-            await _cryptoService.SetUserPrivateKeyAsync(response.PrivateKey);
+            await _cryptoService.SetEncPrivateKeyAsync(response.PrivateKey);
            await _cryptoService.SetOrgKeysAsync(response.Organizations);
            await _stateService.SetSecurityStampAsync(response.SecurityStamp);
            var organizations = response.Organizations.ToDictionary(o => o.Id, o => new OrganizationData(o));
@@ -337,7 +337,7 @@ namespace Bit.Core.Services
            await _stateService.SetNameAsync(response.Name);
            await _stateService.SetPersonalPremiumAsync(response.Premium);
            await _stateService.SetAvatarColorAsync(response.AvatarColor);
-            await _keyConnectorService.SetUsesKeyConnectorAsync(response.UsesKeyConnector);
+            await _keyConnectorService.SetUsesKeyConnector(response.UsesKeyConnector);
        }
        private async Task SyncFoldersAsync(string userId, List<FolderResponse> response)
--- a/src/Core/Services/UserVerificationService.cs
+++ b/src/Core/Services/UserVerificationService.cs
@@ -11,18 +11,14 @@ namespace Bit.Core.Services
        private readonly IPlatformUtilsService _platformUtilsService;
        private readonly II18nService _i18nService;
        private readonly ICryptoService _cryptoService;
        private readonly IStateService _stateService;
        private readonly IKeyConnectorService _keyConnectorService;
        public UserVerificationService(IApiService apiService, IPlatformUtilsService platformUtilsService,
-            II18nService i18nService, ICryptoService cryptoService, IStateService stateService, IKeyConnectorService keyConnectorService)
+            II18nService i18nService, ICryptoService cryptoService)
        {
            _apiService = apiService;
            _platformUtilsService = platformUtilsService;
            _i18nService = i18nService;
            _cryptoService = cryptoService;
            _stateService = stateService;
            _keyConnectorService = keyConnectorService;
        }
        async public Task<bool> VerifyUser(string secret, VerificationType verificationType)
@@ -67,16 +63,5 @@ namespace Bit.Core.Services
            await _platformUtilsService.ShowDialogAsync(errorMessage);
        }
        public async Task<bool> HasMasterPasswordAsync()
        {
            var decryptOptions = await _stateService.GetAccountDecryptionOptions();
            if (decryptOptions != null)
            {
                return decryptOptions.HasMasterPassword;
            }
            return !await _keyConnectorService.GetUsesKeyConnectorAsync();
        }
    }
 }
--- a/src/Core/Services/VaultTimeoutService.cs
+++ b/src/Core/Services/VaultTimeoutService.cs
@@ -1,17 +1,12 @@
 using System;
 using System.Linq;
 using System.Threading.Tasks;
 using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Models.Domain;
 namespace Bit.Core.Services
 {
    public enum PinLockType
    {
        Disabled,
        Persistent,
        Transient
    }
    public class VaultTimeoutService : IVaultTimeoutService
    {
        private readonly ICryptoService _cryptoService;
@@ -23,7 +18,7 @@ namespace Bit.Core.Services
        private readonly ISearchService _searchService;
        private readonly IMessagingService _messagingService;
        private readonly ITokenService _tokenService;
-        private readonly IUserVerificationService _userVerificationService;
+        private readonly IKeyConnectorService _keyConnectorService;
        private readonly Func<Tuple<string, bool>, Task> _lockedCallback;
        private readonly Func<Tuple<string, bool, bool>, Task> _loggedOutCallback;
@@ -37,7 +32,7 @@ namespace Bit.Core.Services
            ISearchService searchService,
            IMessagingService messagingService,
            ITokenService tokenService,
-            IUserVerificationService userVerificationService,
+            IKeyConnectorService keyConnectorService,
            Func<Tuple<string, bool>, Task> lockedCallback,
            Func<Tuple<string, bool, bool>, Task> loggedOutCallback)
        {
@@ -50,7 +45,7 @@ namespace Bit.Core.Services
            _searchService = searchService;
            _messagingService = messagingService;
            _tokenService = tokenService;
-            _userVerificationService = userVerificationService;
+            _keyConnectorService = keyConnectorService;
            _lockedCallback = lockedCallback;
            _loggedOutCallback = loggedOutCallback;
        }
@@ -59,26 +54,15 @@ namespace Bit.Core.Services
        public async Task<bool> IsLockedAsync(string userId = null)
        {
-            var biometricSet = await IsBiometricLockSetAsync(userId);
+            var hasKey = await _cryptoService.HasKeyAsync(userId);
-            if (biometricSet && await _stateService.GetBiometricLockedAsync(userId))
+            if (hasKey)
            {
-                return true;
+                var biometricSet = await IsBiometricLockSetAsync(userId);
-            }
+                if (biometricSet && await _stateService.GetBiometricLockedAsync(userId))
            if (!await _cryptoService.HasUserKeyAsync(userId))
            {
                if (await _cryptoService.HasAutoUnlockKeyAsync(userId))
                {
                    await _cryptoService.SetUserKeyAsync(await _cryptoService.GetAutoUnlockKeyAsync(userId));
                }
                else
                {
                    return true;
                }
            }
            // Check again to verify auto key was set
            var hasKey = await _cryptoService.HasUserKeyAsync(userId);
            return !hasKey;
        }
@@ -179,15 +163,13 @@ namespace Bit.Core.Services
                userId = await _stateService.GetActiveUserIdAsync();
            }
-            if (!await _userVerificationService.HasMasterPasswordAsync())
+            if (await _keyConnectorService.GetUsesKeyConnector())
            {
-                var pinStatus = await GetPinLockTypeAsync(userId);
+                var (isPinProtected, isPinProtectedWithKey) = await IsPinLockSetAsync(userId);
-                var ephemeralPinSet = await _stateService.GetPinKeyEncryptedUserKeyEphemeralAsync()
+                var pinLock = (isPinProtected && await _stateService.GetPinProtectedKeyAsync(userId) != null) ||
-                    ?? await _stateService.GetPinProtectedKeyAsync();
+                              isPinProtectedWithKey;
                var pinEnabled = (pinStatus == PinLockType.Transient && ephemeralPinSet != null) ||
                          pinStatus == PinLockType.Persistent;
-                if (!pinEnabled && !await IsBiometricLockSetAsync())
+                if (!pinLock && !await IsBiometricLockSetAsync())
                {
                    await LogOutAsync(userInitiated, userId);
                    return;
@@ -205,11 +187,10 @@ namespace Bit.Core.Services
                }
            }
            await Task.WhenAll(
-                _cryptoService.ClearUserKeyAsync(userId),
+                _cryptoService.ClearKeyAsync(userId),
                _cryptoService.ClearMasterKeyAsync(userId),
                _stateService.SetUserKeyAutoUnlockAsync(null, userId),
                _cryptoService.ClearOrgKeysAsync(true, userId),
-                _cryptoService.ClearKeyPairAsync(true, userId));
+                _cryptoService.ClearKeyPairAsync(true, userId),
                _cryptoService.ClearEncKeyAsync(true, userId));
            if (isActiveAccount)
            {
@@ -233,27 +214,15 @@ namespace Bit.Core.Services
        {
            await _stateService.SetVaultTimeoutAsync(timeout);
            await _stateService.SetVaultTimeoutActionAsync(action);
-            await _cryptoService.RefreshKeysAsync();
+            await _cryptoService.ToggleKeyAsync();
            await _tokenService.ToggleTokensAsync();
        }
-        public async Task<PinLockType> GetPinLockTypeAsync(string userId = null)
+        public async Task<Tuple<bool, bool>> IsPinLockSetAsync(string userId = null)
        {
-            // we can't depend on only the protected pin being set because old
+            var protectedPin = await _stateService.GetProtectedPinAsync(userId);
-            // versions only used it for MP on Restart
+            var pinProtectedKey = await _stateService.GetPinProtectedAsync(userId);
-            var isPinEnabled = await _stateService.GetProtectedPinAsync(userId) != null;
+            return new Tuple<bool, bool>(protectedPin != null, pinProtectedKey != null);
            var hasUserKeyPin = await _stateService.GetPinKeyEncryptedUserKeyAsync(userId) != null;
            var hasOldUserKeyPin = await _stateService.GetPinProtectedAsync(userId) != null;
            if (hasUserKeyPin || hasOldUserKeyPin)
            {
                return PinLockType.Persistent;
            }
            else if (isPinEnabled && !hasUserKeyPin && !hasOldUserKeyPin)
            {
                return PinLockType.Transient;
            }
            return PinLockType.Disabled;
        }
        public async Task<bool> IsBiometricLockSetAsync(string userId = null)
@@ -264,7 +233,8 @@ namespace Bit.Core.Services
        public async Task ClearAsync(string userId = null)
        {
-            await _cryptoService.ClearPinKeysAsync(userId);
+            await _stateService.SetPinProtectedKeyAsync(null, userId);
            await _stateService.SetProtectedPinAsync(null, userId);
        }
        public async Task<int?> GetVaultTimeout(string userId = null)
--- a/src/Core/Utilities/ServiceContainer.cs
+++ b/src/Core/Utilities/ServiceContainer.cs
@@ -53,13 +53,11 @@ namespace Bit.Core.Utilities
                cryptoFunctionService);
            searchService = new SearchService(cipherService, sendService);
            var policyService = new PolicyService(stateService, organizationService);
-            var keyConnectorService = new KeyConnectorService(stateService, cryptoService, tokenService, apiService, cryptoFunctionService,
+            var keyConnectorService = new KeyConnectorService(stateService, cryptoService, tokenService, apiService,
                organizationService);
            var userVerificationService = new UserVerificationService(apiService, platformUtilsService, i18nService,
                cryptoService, stateService, keyConnectorService);
            var vaultTimeoutService = new VaultTimeoutService(cryptoService, stateService, platformUtilsService,
                folderService, cipherService, collectionService, searchService, messagingService, tokenService,
-                userVerificationService,
+                keyConnectorService,
                (extras) =>
                {
                    messagingService.Send("locked", extras);
@@ -79,15 +77,15 @@ namespace Bit.Core.Utilities
                });
            var passwordGenerationService = new PasswordGenerationService(cryptoService, stateService, cryptoFunctionService, policyService);
            var totpService = new TotpService(cryptoFunctionService);
            var deviceTrustCryptoService = new DeviceTrustCryptoService(apiService, appIdService, cryptoFunctionService, cryptoService, stateService);
            var passwordResetEnrollmentService = new PasswordResetEnrollmentService(apiService, cryptoService, organizationService, stateService);
            var authService = new AuthService(cryptoService, cryptoFunctionService, apiService, stateService,
-                tokenService, appIdService, i18nService, platformUtilsService, messagingService,
+                tokenService, appIdService, i18nService, platformUtilsService, messagingService, vaultTimeoutService,
-                keyConnectorService, passwordGenerationService, policyService, deviceTrustCryptoService, passwordResetEnrollmentService);
+                keyConnectorService, passwordGenerationService, policyService);
            var exportService = new ExportService(folderService, cipherService, cryptoService);
            var auditService = new AuditService(cryptoFunctionService, apiService);
            var environmentService = new EnvironmentService(apiService, stateService, conditionedRunner);
            var eventService = new EventService(apiService, stateService, organizationService, cipherService);
            var userVerificationService = new UserVerificationService(apiService, platformUtilsService, i18nService,
                cryptoService);
            var usernameGenerationService = new UsernameGenerationService(cryptoService, apiService, stateService);
            var configService = new ConfigService(apiService, stateService, logger);
@@ -104,8 +102,6 @@ namespace Bit.Core.Utilities
            Register<ISearchService>("searchService", searchService);
            Register<IPolicyService>("policyService", policyService);
            Register<ISyncService>("syncService", syncService);
            Register<IKeyConnectorService>("keyConnectorService", keyConnectorService);
            Register<IUserVerificationService>(userVerificationService);
            Register<IVaultTimeoutService>("vaultTimeoutService", vaultTimeoutService);
            Register<IPasswordGenerationService>("passwordGenerationService", passwordGenerationService);
            Register<ITotpService>("totpService", totpService);
@@ -114,10 +110,10 @@ namespace Bit.Core.Utilities
            Register<IAuditService>("auditService", auditService);
            Register<IEnvironmentService>("environmentService", environmentService);
            Register<IEventService>("eventService", eventService);
            Register<IKeyConnectorService>("keyConnectorService", keyConnectorService);
            Register<IUserVerificationService>("userVerificationService", userVerificationService);
            Register<IUsernameGenerationService>(usernameGenerationService);
            Register<IConfigService>(configService);
            Register<IDeviceTrustCryptoService>(deviceTrustCryptoService);
            Register<IPasswordResetEnrollmentService>(passwordResetEnrollmentService);
        }
        public static void Register<T>(string serviceName, T obj)
--- a/src/iOS.Autofill/CredentialProviderViewController.cs
+++ b/src/iOS.Autofill/CredentialProviderViewController.cs
@@ -498,7 +498,7 @@ namespace Bit.iOS.Autofill
                vm.StartTwoFactorAction = () => DismissViewController(false, () => LaunchTwoFactorFlow(false));
                vm.UpdateTempPasswordAction = () => DismissViewController(false, () => LaunchUpdateTempPasswordFlow());
                vm.StartSsoLoginAction = () => DismissViewController(false, () => LaunchLoginSsoFlow());
-                vm.LogInWithDeviceAction = () => DismissViewController(false, () => LaunchLoginWithDevice(AuthRequestType.AuthenticateAndUnlock, email));
+                vm.LogInWithDeviceAction = () => DismissViewController(false, () => LaunchLoginWithDevice(email));
                vm.LogInSuccessAction = () => DismissLockAndContinue();
                vm.CloseAction = () => DismissViewController(false, () => LaunchHomePage());
            }
@@ -511,11 +511,11 @@ namespace Bit.iOS.Autofill
            LogoutIfAuthed();
        }
-        private void LaunchLoginWithDevice(AuthRequestType authRequestType, string email = null)
+        private void LaunchLoginWithDevice(string email = null)
        {
            var appOptions = new AppOptions { IosExtension = true };
            var app = new App.App(appOptions);
-            var loginWithDevicePage = new LoginPasswordlessRequestPage(email, authRequestType, appOptions);
+            var loginWithDevicePage = new LoginPasswordlessRequestPage(email, appOptions);
            ThemeManager.SetTheme(app.Resources);
            ThemeManager.ApplyResourcesTo(loginWithDevicePage);
            if (loginWithDevicePage.BindingContext is LoginPasswordlessRequestViewModel vm)
@@ -545,7 +545,6 @@ namespace Bit.iOS.Autofill
                vm.StartTwoFactorAction = () => DismissViewController(false, () => LaunchTwoFactorFlow(true));
                vm.StartSetPasswordAction = () => DismissViewController(false, () => LaunchSetPasswordFlow());
                vm.UpdateTempPasswordAction = () => DismissViewController(false, () => LaunchUpdateTempPasswordFlow());
                vm.StartDeviceApprovalOptionsAction = () => DismissViewController(false, () => LaunchDeviceApprovalOptionsFlow());
                vm.SsoAuthSuccessAction = () => DismissLockAndContinue();
                vm.CloseAction = () => DismissViewController(false, () => LaunchHomePage());
            }
@@ -568,7 +567,6 @@ namespace Bit.iOS.Autofill
            {
                vm.TwoFactorAuthSuccessAction = () => DismissLockAndContinue();
                vm.StartSetPasswordAction = () => DismissViewController(false, () => LaunchSetPasswordFlow());
                vm.StartDeviceApprovalOptionsAction = () => DismissViewController(false, () => LaunchDeviceApprovalOptionsFlow());
                if (authingWithSso)
                {
                    vm.CloseAction = () => DismissViewController(false, () => LaunchLoginSsoFlow());
@@ -623,25 +621,6 @@ namespace Bit.iOS.Autofill
            PresentViewController(updateTempPasswordController, true, null);
        }
        private void LaunchDeviceApprovalOptionsFlow()
        {
            var loginApproveDevicePage = new LoginApproveDevicePage();
            var app = new App.App(new AppOptions { IosExtension = true });
            ThemeManager.SetTheme(app.Resources);
            ThemeManager.ApplyResourcesTo(loginApproveDevicePage);
            if (loginApproveDevicePage.BindingContext is LoginApproveDeviceViewModel vm)
            {
                vm.LogInWithMasterPasswordAction = () => DismissViewController(false, () => PerformSegue("lockPasswordSegue", this));
                vm.RequestAdminApprovalAction = () => DismissViewController(false, () => LaunchLoginWithDevice(AuthRequestType.AdminApproval, vm.Email));
                vm.LogInWithDeviceAction = () => DismissViewController(false, () => LaunchLoginWithDevice(AuthRequestType.AuthenticateAndUnlock, vm.Email));
            }
            var navigationPage = new NavigationPage(loginApproveDevicePage);
            var loginApproveDeviceController = navigationPage.CreateViewController();
            loginApproveDeviceController.ModalPresentationStyle = UIModalPresentationStyle.FullScreen;
            PresentViewController(loginApproveDeviceController, true, null);
        }
        public Task SetPreviousPageInfoAsync() => Task.CompletedTask;
        public Task UpdateThemeAsync() => Task.CompletedTask;
--- a/src/iOS.Core/Controllers/BaseLockPasswordViewController.cs
+++ b/src/iOS.Core/Controllers/BaseLockPasswordViewController.cs
@@ -8,13 +8,11 @@ using Bit.App.Utilities;
 using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Models.Domain;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Bit.iOS.Core.Utilities;
 using Bit.iOS.Core.Views;
 using Foundation;
 using UIKit;
 using Xamarin.Essentials;
 using Xamarin.Forms;
 namespace Bit.iOS.Core.Controllers
@@ -28,14 +26,15 @@ namespace Bit.iOS.Core.Controllers
        private IStorageService _secureStorageService;
        private IPlatformUtilsService _platformUtilsService;
        private IBiometricService _biometricService;
-        private IUserVerificationService _userVerificationService;
+        private IKeyConnectorService _keyConnectorService;
        private IAccountsManager _accountManager;
-        private PinLockType _pinStatus;
+        private bool _isPinProtected;
-        private bool _pinEnabled;
+        private bool _isPinProtectedWithKey;
-        private bool _biometricEnabled;
+        private bool _pinLock;
        private bool _biometricLock;
        private bool _biometricIntegrityValid = true;
        private bool _passwordReprompt = false;
-        private bool _hasMasterPassword;
+        private bool _usesKeyConnector;
        private bool _biometricUnlockOnly = false;
        private bool _checkingPassword;
@@ -96,7 +95,7 @@ namespace Bit.iOS.Core.Controllers
            _secureStorageService = ServiceContainer.Resolve<IStorageService>("secureStorageService");
            _platformUtilsService = ServiceContainer.Resolve<IPlatformUtilsService>("platformUtilsService");
            _biometricService = ServiceContainer.Resolve<IBiometricService>("biometricService");
-            _userVerificationService = ServiceContainer.Resolve<IUserVerificationService>();
+            _keyConnectorService = ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService");
            _accountManager = ServiceContainer.Resolve<IAccountsManager>("accountsManager");
            // We re-use the lock screen for autofill extension to verify master password
@@ -104,32 +103,29 @@ namespace Bit.iOS.Core.Controllers
            if (autofillExtension && await _stateService.GetPasswordRepromptAutofillAsync())
            {
                _passwordReprompt = true;
-                _pinStatus = PinLockType.Disabled;
+                _isPinProtected = false;
-                _pinEnabled = false;
+                _isPinProtectedWithKey = false;
-                _biometricEnabled = false;
+                _pinLock = false;
                _biometricLock = false;
            }
            else
            {
-                _pinStatus = await _vaultTimeoutService.GetPinLockTypeAsync();
+                (_isPinProtected, _isPinProtectedWithKey) = await _vaultTimeoutService.IsPinLockSetAsync();
-
+                _pinLock = (_isPinProtected && await _stateService.GetPinProtectedKeyAsync() != null) ||
-                var ephemeralPinSet = await _stateService.GetPinKeyEncryptedUserKeyEphemeralAsync()
+                           _isPinProtectedWithKey;
-                    ?? await _stateService.GetPinProtectedKeyAsync();
+                _biometricLock = await _vaultTimeoutService.IsBiometricLockSetAsync() &&
-                _pinEnabled = (_pinStatus == PinLockType.Transient && ephemeralPinSet != null) ||
+                                 await _cryptoService.HasKeyAsync();
                    _pinStatus == PinLockType.Persistent;
                _biometricEnabled = await _vaultTimeoutService.IsBiometricLockSetAsync()
                    && await _cryptoService.HasEncryptedUserKeyAsync();
                _biometricIntegrityValid =
                    await _platformUtilsService.IsBiometricIntegrityValidAsync(BiometricIntegritySourceKey);
-                _hasMasterPassword = await _userVerificationService.HasMasterPasswordAsync();
+                _usesKeyConnector = await _keyConnectorService.GetUsesKeyConnector();
-                _biometricUnlockOnly = !_hasMasterPassword && _biometricEnabled && !_pinEnabled;
+                _biometricUnlockOnly = _usesKeyConnector && _biometricLock && !_pinLock;
            }
-            if (_pinEnabled)
+            if (_pinLock)
            {
                BaseNavItem.Title = AppResources.VerifyPIN;
            }
-            else if (!_hasMasterPassword)
+            else if (_usesKeyConnector)
            {
                BaseNavItem.Title = AppResources.UnlockVault;
            }
@@ -154,7 +150,7 @@ namespace Bit.iOS.Core.Controllers
            if (!_biometricUnlockOnly)
            {
-                MasterPasswordCell.Label.Text = _pinEnabled ? AppResources.PIN : AppResources.MasterPassword;
+                MasterPasswordCell.Label.Text = _pinLock ? AppResources.PIN : AppResources.MasterPassword;
                MasterPasswordCell.TextField.SecureTextEntry = true;
                MasterPasswordCell.TextField.ReturnKeyType = UIReturnKeyType.Go;
                MasterPasswordCell.TextField.ShouldReturn += (UITextField tf) =>
@@ -162,7 +158,7 @@ namespace Bit.iOS.Core.Controllers
                    CheckPasswordAsync().FireAndForget();
                    return true;
                };
-                if (_pinEnabled)
+                if (_pinLock)
                {
                    MasterPasswordCell.TextField.KeyboardType = UIKeyboardType.NumberPad;
                }
@@ -181,7 +177,7 @@ namespace Bit.iOS.Core.Controllers
            base.ViewDidLoad();
-            if (_biometricEnabled)
+            if (_biometricLock)
            {
                if (!_biometricIntegrityValid)
                {
@@ -200,15 +196,15 @@ namespace Bit.iOS.Core.Controllers
            base.ViewDidAppear(animated);
            // Users with key connector and without biometric or pin has no MP to unlock with
-            if (!_hasMasterPassword)
+            if (_usesKeyConnector)
            {
-                if (!(_pinEnabled || _biometricEnabled) ||
+                if (!(_pinLock || _biometricLock) ||
-                    (_biometricEnabled && !_biometricIntegrityValid))
+                    (_biometricLock && !_biometricIntegrityValid))
                {
                    PromptSSO();
                }
            }
-            else if (!_biometricEnabled || !_biometricIntegrityValid)
+            else if (!_biometricLock || !_biometricIntegrityValid)
            {
                MasterPasswordCell.TextField.BecomeFirstResponder();
            }
@@ -228,7 +224,7 @@ namespace Bit.iOS.Core.Controllers
                {
                    var alert = Dialogs.CreateAlert(AppResources.AnErrorHasOccurred,
                        string.Format(AppResources.ValidationFieldRequired,
-                            _pinEnabled ? AppResources.PIN : AppResources.MasterPassword),
+                            _pinLock ? AppResources.PIN : AppResources.MasterPassword),
                        AppResources.Ok);
                    PresentViewController(alert, true, null);
                    return;
@@ -250,53 +246,33 @@ namespace Bit.iOS.Core.Controllers
                    return;
                }
-                if (_pinEnabled)
+                if (_pinLock)
                {
                    var failed = true;
                    try
                    {
-                        EncString userKeyPin = null;
+                        if (_isPinProtected)
                        EncString oldPinProtected = null;
                        if (_pinStatus == PinLockType.Persistent)
                        {
-                            userKeyPin = await _stateService.GetPinKeyEncryptedUserKeyAsync();
+                            var key = await _cryptoService.MakeKeyFromPinAsync(inputtedValue, email,
                            var oldEncryptedKey = await _stateService.GetPinProtectedAsync();
                            oldPinProtected = oldEncryptedKey != null ? new EncString(oldEncryptedKey) : null;
                        }
                        else if (_pinStatus == PinLockType.Transient)
                        {
                            userKeyPin = await _stateService.GetPinKeyEncryptedUserKeyEphemeralAsync();
                            oldPinProtected = await _stateService.GetPinProtectedKeyAsync();
                        }
                        UserKey userKey;
                        if (oldPinProtected != null)
                        {
                            userKey = await _cryptoService.DecryptAndMigrateOldPinKeyAsync(
                                _pinStatus == PinLockType.Transient,
                                inputtedValue,
                                email,
                                kdfConfig,
-                                oldPinProtected
+                                await _stateService.GetPinProtectedKeyAsync());
-                            );
+                            var encKey = await _cryptoService.GetEncKeyAsync(key);
                            var protectedPin = await _stateService.GetProtectedPinAsync();
                            var decPin = await _cryptoService.DecryptToUtf8Async(new EncString(protectedPin), encKey);
                            failed = decPin != inputtedValue;
                            if (!failed)
                            {
                                await AppHelpers.ResetInvalidUnlockAttemptsAsync();
                                await SetKeyAndContinueAsync(key);
                            }
                        }
                        else
                        {
-                            userKey = await _cryptoService.DecryptUserKeyWithPinAsync(
+                            var key2 = await _cryptoService.MakeKeyFromPinAsync(inputtedValue, email,
-                                inputtedValue,
+                                kdfConfig);
-                                email,
+                            failed = false;
                                kdfConfig,
                                userKeyPin
                            );
                        }
                        var protectedPin = await _stateService.GetProtectedPinAsync();
                        var decryptedPin = await _cryptoService.DecryptToUtf8Async(new EncString(protectedPin), userKey);
                        failed = decryptedPin != inputtedValue;
                        if (!failed)
                        {
                            await AppHelpers.ResetInvalidUnlockAttemptsAsync();
-                            await SetKeyAndContinueAsync(userKey);
+                            await SetKeyAndContinueAsync(key2);
                        }
                    }
                    catch
@@ -310,27 +286,33 @@ namespace Bit.iOS.Core.Controllers
                }
                else
                {
-                    var masterKey = await _cryptoService.MakeMasterKeyAsync(inputtedValue, email, kdfConfig);
+                    var key2 = await _cryptoService.MakeKeyAsync(inputtedValue, email, kdfConfig);
-                    var storedPasswordHash = await _cryptoService.GetMasterKeyHashAsync();
+                    var storedKeyHash = await _cryptoService.GetKeyHashAsync();
-                    if (storedPasswordHash == null)
+                    if (storedKeyHash == null)
                    {
                        var oldKey = await _secureStorageService.GetAsync<string>("oldKey");
-                        if (masterKey.KeyB64 == oldKey)
+                        if (key2.KeyB64 == oldKey)
                        {
-                            var localPasswordHash = await _cryptoService.HashMasterKeyAsync(inputtedValue, masterKey, HashPurpose.LocalAuthorization);
+                            var localKeyHash = await _cryptoService.HashPasswordAsync(inputtedValue, key2, HashPurpose.LocalAuthorization);
                            await _secureStorageService.RemoveAsync("oldKey");
-                            await _cryptoService.SetMasterKeyHashAsync(localPasswordHash);
+                            await _cryptoService.SetKeyHashAsync(localKeyHash);
                        }
                    }
-                    var passwordValid = await _cryptoService.CompareAndUpdateKeyHashAsync(inputtedValue, masterKey);
+                    var passwordValid = await _cryptoService.CompareAndUpdateKeyHashAsync(inputtedValue, key2);
                    if (passwordValid)
                    {
                        if (_isPinProtected)
                        {
                            var protectedPin = await _stateService.GetProtectedPinAsync();
                            var encKey = await _cryptoService.GetEncKeyAsync(key2);
                            var decPin = await _cryptoService.DecryptToUtf8Async(new EncString(protectedPin), encKey);
                            var pinKey = await _cryptoService.MakePinKeyAysnc(decPin, email,
                                kdfConfig);
                            await _stateService.SetPinProtectedKeyAsync(await _cryptoService.EncryptAsync(key2.Key, pinKey));
                        }
                        await AppHelpers.ResetInvalidUnlockAttemptsAsync();
-
+                        await SetKeyAndContinueAsync(key2, true);
                        var userKey = await _cryptoService.DecryptUserKeyWithMasterKeyAsync(masterKey);
                        await _cryptoService.SetMasterKeyAsync(masterKey);
                        await SetKeyAndContinueAsync(userKey, true);
                    }
                    else
                    {
@@ -357,12 +339,12 @@ namespace Bit.iOS.Core.Controllers
        public async Task PromptBiometricAsync()
        {
-            if (!_biometricEnabled || !_biometricIntegrityValid)
+            if (!_biometricLock || !_biometricIntegrityValid)
            {
                return;
            }
            var success = await _platformUtilsService.AuthenticateBiometricAsync(null,
-                _pinEnabled ? AppResources.PIN : AppResources.MasterPassword,
+                _pinLock ? AppResources.PIN : AppResources.MasterPassword,
                () => MasterPasswordCell.TextField.BecomeFirstResponder());
            await _stateService.SetBiometricLockedAsync(!success);
            if (success)
@@ -389,12 +371,12 @@ namespace Bit.iOS.Core.Controllers
            PresentViewController(loginController, true, null);
        }
-        private async Task SetKeyAndContinueAsync(UserKey userKey, bool masterPassword = false)
+        private async Task SetKeyAndContinueAsync(SymmetricCryptoKey key, bool masterPassword = false)
        {
-            var hasKey = await _cryptoService.HasUserKeyAsync();
+            var hasKey = await _cryptoService.HasKeyAsync();
            if (!hasKey)
            {
-                await _cryptoService.SetUserKeyAsync(userKey);
+                await _cryptoService.SetKeyAsync(key);
            }
            DoContinue(masterPassword);
        }
@@ -414,7 +396,7 @@ namespace Bit.iOS.Core.Controllers
        private async Task EnableBiometricsIfNeeded()
        {
            // Re-enable biometrics if initial use
-            if (_biometricEnabled & !_biometricIntegrityValid)
+            if (_biometricLock & !_biometricIntegrityValid)
            {
                await _biometricService.SetupBiometricAsync(BiometricIntegritySourceKey);
            }
@@ -423,7 +405,7 @@ namespace Bit.iOS.Core.Controllers
        private void InvalidValue()
        {
            var alert = Dialogs.CreateAlert(AppResources.AnErrorHasOccurred,
-                string.Format(null, _pinEnabled ? AppResources.PIN : AppResources.InvalidMasterPassword),
+                string.Format(null, _pinLock ? AppResources.PIN : AppResources.InvalidMasterPassword),
                AppResources.Ok, (a) =>
                {
@@ -508,7 +490,7 @@ namespace Bit.iOS.Core.Controllers
                    return 0;
                }
-                return (!controller._biometricUnlockOnly && controller._biometricEnabled) ||
+                return (!controller._biometricUnlockOnly && controller._biometricLock) ||
                    controller._passwordReprompt
                    ? 2
                    : 1;
--- a/src/iOS.Core/Controllers/LockPasswordViewController.cs
+++ b/src/iOS.Core/Controllers/LockPasswordViewController.cs
@@ -1,19 +1,18 @@
 using System;
 using System.Threading.Tasks;
 using Bit.App.Abstractions;
 using Bit.App.Models;
 using Bit.App.Pages;
 using Bit.App.Resources;
 using Bit.App.Utilities;
 using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Models.Domain;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Bit.iOS.Core.Utilities;
 using Bit.iOS.Core.Views;
 using Foundation;
 using UIKit;
 using Foundation;
 using Bit.iOS.Core.Views;
 using Bit.App.Resources;
 using Bit.iOS.Core.Utilities;
 using Bit.App.Abstractions;
 using Bit.Core.Abstractions;
 using Bit.Core.Utilities;
 using System.Threading.Tasks;
 using Bit.App.Utilities;
 using Bit.Core.Models.Domain;
 using Bit.Core.Enums;
 using Bit.App.Pages;
 using Bit.App.Models;
 using Xamarin.Forms;
 namespace Bit.iOS.Core.Controllers
@@ -29,13 +28,14 @@ namespace Bit.iOS.Core.Controllers
        private IStorageService _secureStorageService;
        private IPlatformUtilsService _platformUtilsService;
        private IBiometricService _biometricService;
-        private IUserVerificationService _userVerificationService;
+        private IKeyConnectorService _keyConnectorService;
-        private PinLockType _pinStatus;
+        private bool _isPinProtected;
-        private bool _pinEnabled;
+        private bool _isPinProtectedWithKey;
-        private bool _biometricEnabled;
+        private bool _pinLock;
        private bool _biometricLock;
        private bool _biometricIntegrityValid = true;
        private bool _passwordReprompt = false;
-        private bool _hasMasterPassword;
+        private bool _usesKeyConnector;
        private bool _biometricUnlockOnly = false;
        protected bool autofillExtension = false;
@@ -89,45 +89,42 @@ namespace Bit.iOS.Core.Controllers
            _secureStorageService = ServiceContainer.Resolve<IStorageService>("secureStorageService");
            _platformUtilsService = ServiceContainer.Resolve<IPlatformUtilsService>("platformUtilsService");
            _biometricService = ServiceContainer.Resolve<IBiometricService>("biometricService");
-            _userVerificationService = ServiceContainer.Resolve<IUserVerificationService>();
+            _keyConnectorService = ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService");
            // We re-use the lock screen for autofill extension to verify master password
            // when trying to access protected items.
            if (autofillExtension && await _stateService.GetPasswordRepromptAutofillAsync())
            {
                _passwordReprompt = true;
-                _pinStatus = PinLockType.Disabled;
+                _isPinProtected = false;
-                _pinEnabled = false;
+                _isPinProtectedWithKey = false;
-                _biometricEnabled = false;
+                _pinLock = false;
                _biometricLock = false;
            }
            else
            {
-                _pinStatus = await _vaultTimeoutService.GetPinLockTypeAsync();
+                (_isPinProtected, _isPinProtectedWithKey) = await _vaultTimeoutService.IsPinLockSetAsync();
-
+                _pinLock = (_isPinProtected && await _stateService.GetPinProtectedKeyAsync() != null) ||
-                var ephemeralPinSet = await _stateService.GetPinKeyEncryptedUserKeyEphemeralAsync()
+                           _isPinProtectedWithKey;
-                    ?? await _stateService.GetPinProtectedKeyAsync();
+                _biometricLock = await _vaultTimeoutService.IsBiometricLockSetAsync() &&
-                _pinEnabled = (_pinStatus == PinLockType.Transient && ephemeralPinSet != null) ||
+                                 await _cryptoService.HasKeyAsync();
                    _pinStatus == PinLockType.Persistent;
                _biometricEnabled = await _vaultTimeoutService.IsBiometricLockSetAsync()
                    && await _cryptoService.HasEncryptedUserKeyAsync();
                _biometricIntegrityValid =
                    await _platformUtilsService.IsBiometricIntegrityValidAsync(BiometricIntegritySourceKey);
-                _hasMasterPassword = await _userVerificationService.HasMasterPasswordAsync();
+                _usesKeyConnector = await _keyConnectorService.GetUsesKeyConnector();
-                _biometricUnlockOnly = !_hasMasterPassword && _biometricEnabled && !_pinEnabled;
+                _biometricUnlockOnly = _usesKeyConnector && _biometricLock && !_pinLock;
            }
-            if (_pinEnabled)
+            if (_pinLock)
            {
                BaseNavItem.Title = AppResources.VerifyPIN;
            }
-            else if (_hasMasterPassword)
+            else if (_usesKeyConnector)
            {
-                BaseNavItem.Title = AppResources.VerifyMasterPassword;
+                BaseNavItem.Title = AppResources.UnlockVault;
            }
            else
            {
-                BaseNavItem.Title = AppResources.UnlockVault;
+                BaseNavItem.Title = AppResources.VerifyMasterPassword;
            }
            BaseCancelButton.Title = AppResources.Cancel;
@@ -146,7 +143,7 @@ namespace Bit.iOS.Core.Controllers
            if (!_biometricUnlockOnly)
            {
-                MasterPasswordCell.Label.Text = _pinEnabled ? AppResources.PIN : AppResources.MasterPassword;
+                MasterPasswordCell.Label.Text = _pinLock ? AppResources.PIN : AppResources.MasterPassword;
                MasterPasswordCell.TextField.SecureTextEntry = true;
                MasterPasswordCell.TextField.ReturnKeyType = UIReturnKeyType.Go;
                MasterPasswordCell.TextField.ShouldReturn += (UITextField tf) =>
@@ -154,7 +151,7 @@ namespace Bit.iOS.Core.Controllers
                    CheckPasswordAsync().GetAwaiter().GetResult();
                    return true;
                };
-                if (_pinEnabled)
+                if (_pinLock)
                {
                    MasterPasswordCell.TextField.KeyboardType = UIKeyboardType.NumberPad;
                }
@@ -168,7 +165,7 @@ namespace Bit.iOS.Core.Controllers
            base.ViewDidLoad();
-            if (_biometricEnabled)
+            if (_biometricLock)
            {
                if (!_biometricIntegrityValid)
                {
@@ -186,16 +183,16 @@ namespace Bit.iOS.Core.Controllers
        {
            base.ViewDidAppear(animated);
-            // Users without MP and without biometric or pin need SSO
+            // Users with key connector and without biometric or pin has no MP to unlock with
-            if (!_hasMasterPassword)
+            if (_usesKeyConnector)
            {
-                if (!(_pinEnabled || _biometricEnabled) ||
+                if (!(_pinLock || _biometricLock) ||
-                    (_biometricEnabled && !_biometricIntegrityValid))
+                    (_biometricLock && !_biometricIntegrityValid))
                {
                    PromptSSO();
                }
            }
-            else if (!_biometricEnabled || !_biometricIntegrityValid)
+            else if (!_biometricLock || !_biometricIntegrityValid)
            {
                MasterPasswordCell.TextField.BecomeFirstResponder();
            }
@@ -207,7 +204,7 @@ namespace Bit.iOS.Core.Controllers
            {
                var alert = Dialogs.CreateAlert(AppResources.AnErrorHasOccurred,
                    string.Format(AppResources.ValidationFieldRequired,
-                        _pinEnabled ? AppResources.PIN : AppResources.MasterPassword),
+                        _pinLock ? AppResources.PIN : AppResources.MasterPassword),
                    AppResources.Ok);
                PresentViewController(alert, true, null);
                return;
@@ -217,53 +214,33 @@ namespace Bit.iOS.Core.Controllers
            var kdfConfig = await _stateService.GetActiveUserCustomDataAsync(a => new KdfConfig(a?.Profile));
            var inputtedValue = MasterPasswordCell.TextField.Text;
-            if (_pinEnabled)
+            if (_pinLock)
            {
                var failed = true;
                try
                {
-                    EncString userKeyPin = null;
+                    if (_isPinProtected)
                    EncString oldPinProtected = null;
                    if (_pinStatus == PinLockType.Persistent)
                    {
-                        userKeyPin = await _stateService.GetPinKeyEncryptedUserKeyAsync();
+                        var key = await _cryptoService.MakeKeyFromPinAsync(inputtedValue, email,
                        var oldEncryptedKey = await _stateService.GetPinProtectedAsync();
                        oldPinProtected = oldEncryptedKey != null ? new EncString(oldEncryptedKey) : null;
                    }
                    else if (_pinStatus == PinLockType.Transient)
                    {
                        userKeyPin = await _stateService.GetPinKeyEncryptedUserKeyEphemeralAsync();
                        oldPinProtected = await _stateService.GetPinProtectedKeyAsync();
                    }
                    UserKey userKey;
                    if (oldPinProtected != null)
                    {
                        userKey = await _cryptoService.DecryptAndMigrateOldPinKeyAsync(
                            _pinStatus == PinLockType.Transient,
                            inputtedValue,
                            email,
                            kdfConfig,
-                            oldPinProtected
+                            await _stateService.GetPinProtectedKeyAsync());
-                        );
+                        var encKey = await _cryptoService.GetEncKeyAsync(key);
                        var protectedPin = await _stateService.GetProtectedPinAsync();
                        var decPin = await _cryptoService.DecryptToUtf8Async(new EncString(protectedPin), encKey);
                        failed = decPin != inputtedValue;
                        if (!failed)
                        {
                            await AppHelpers.ResetInvalidUnlockAttemptsAsync();
                            await SetKeyAndContinueAsync(key);
                        }
                    }
                    else
                    {
-                        userKey = await _cryptoService.DecryptUserKeyWithPinAsync(
+                        var key2 = await _cryptoService.MakeKeyFromPinAsync(inputtedValue, email,
-                            inputtedValue,
+                            kdfConfig);
-                            email,
+                        failed = false;
                            kdfConfig,
                            userKeyPin
                        );
                    }
                    var protectedPin = await _stateService.GetProtectedPinAsync();
                    var decryptedPin = await _cryptoService.DecryptToUtf8Async(new EncString(protectedPin), userKey);
                    failed = decryptedPin != inputtedValue;
                    if (!failed)
                    {
                        await AppHelpers.ResetInvalidUnlockAttemptsAsync();
-                        await SetKeyAndContinueAsync(userKey);
+                        await SetKeyAndContinueAsync(key2);
                    }
                }
                catch
@@ -283,27 +260,33 @@ namespace Bit.iOS.Core.Controllers
            }
            else
            {
-                var masterKey = await _cryptoService.MakeMasterKeyAsync(inputtedValue, email, kdfConfig);
+                var key2 = await _cryptoService.MakeKeyAsync(inputtedValue, email, kdfConfig);
-                var storedPasswordHash = await _cryptoService.GetMasterKeyHashAsync();
+                var storedKeyHash = await _cryptoService.GetKeyHashAsync();
-                if (storedPasswordHash == null)
+                if (storedKeyHash == null)
                {
                    var oldKey = await _secureStorageService.GetAsync<string>("oldKey");
-                    if (masterKey.KeyB64 == oldKey)
+                    if (key2.KeyB64 == oldKey)
                    {
-                        var localPasswordHash = await _cryptoService.HashMasterKeyAsync(inputtedValue, masterKey, HashPurpose.LocalAuthorization);
+                        var localKeyHash = await _cryptoService.HashPasswordAsync(inputtedValue, key2, HashPurpose.LocalAuthorization);
                        await _secureStorageService.RemoveAsync("oldKey");
-                        await _cryptoService.SetMasterKeyHashAsync(localPasswordHash);
+                        await _cryptoService.SetKeyHashAsync(localKeyHash);
                    }
                }
-                var passwordValid = await _cryptoService.CompareAndUpdateKeyHashAsync(inputtedValue, masterKey);
+                var passwordValid = await _cryptoService.CompareAndUpdateKeyHashAsync(inputtedValue, key2);
                if (passwordValid)
                {
                    if (_isPinProtected)
                    {
                        var protectedPin = await _stateService.GetProtectedPinAsync();
                        var encKey = await _cryptoService.GetEncKeyAsync(key2);
                        var decPin = await _cryptoService.DecryptToUtf8Async(new EncString(protectedPin), encKey);
                        var pinKey = await _cryptoService.MakePinKeyAysnc(decPin, email,
                           kdfConfig);
                        await _stateService.SetPinProtectedKeyAsync(await _cryptoService.EncryptAsync(key2.Key, pinKey));
                    }
                    await AppHelpers.ResetInvalidUnlockAttemptsAsync();
-
+                    await SetKeyAndContinueAsync(key2, true);
                    var userKey = await _cryptoService.DecryptUserKeyWithMasterKeyAsync(masterKey);
                    await _cryptoService.SetMasterKeyAsync(masterKey);
                    await SetKeyAndContinueAsync(userKey, true);
                }
                else
                {
@@ -320,12 +303,12 @@ namespace Bit.iOS.Core.Controllers
        public async Task PromptBiometricAsync()
        {
-            if (!_biometricEnabled || !_biometricIntegrityValid)
+            if (!_biometricLock || !_biometricIntegrityValid)
            {
                return;
            }
            var success = await _platformUtilsService.AuthenticateBiometricAsync(null,
-                _pinEnabled ? AppResources.PIN : AppResources.MasterPassword,
+                _pinLock ? AppResources.PIN : AppResources.MasterPassword,
                () => MasterPasswordCell.TextField.BecomeFirstResponder());
            await _stateService.SetBiometricLockedAsync(!success);
            if (success)
@@ -352,12 +335,12 @@ namespace Bit.iOS.Core.Controllers
            PresentViewController(loginController, true, null);
        }
-        private async Task SetKeyAndContinueAsync(UserKey userKey, bool masterPassword = false)
+        private async Task SetKeyAndContinueAsync(SymmetricCryptoKey key, bool masterPassword = false)
        {
-            var hasKey = await _cryptoService.HasUserKeyAsync();
+            var hasKey = await _cryptoService.HasKeyAsync();
            if (!hasKey)
            {
-                await _cryptoService.SetUserKeyAsync(userKey);
+                await _cryptoService.SetKeyAsync(key);
            }
            DoContinue(masterPassword);
        }
@@ -377,7 +360,7 @@ namespace Bit.iOS.Core.Controllers
        private async Task EnableBiometricsIfNeeded()
        {
            // Re-enable biometrics if initial use
-            if (_biometricEnabled & !_biometricIntegrityValid)
+            if (_biometricLock & !_biometricIntegrityValid)
            {
                await _biometricService.SetupBiometricAsync(BiometricIntegritySourceKey);
            }
@@ -386,7 +369,7 @@ namespace Bit.iOS.Core.Controllers
        private void InvalidValue()
        {
            var alert = Dialogs.CreateAlert(AppResources.AnErrorHasOccurred,
-                string.Format(null, _pinEnabled ? AppResources.PIN : AppResources.InvalidMasterPassword),
+                string.Format(null, _pinLock ? AppResources.PIN : AppResources.InvalidMasterPassword),
                AppResources.Ok, (a) =>
                    {
@@ -461,7 +444,7 @@ namespace Bit.iOS.Core.Controllers
            public override nint NumberOfSections(UITableView tableView)
            {
-                return (!_controller._biometricUnlockOnly && _controller._biometricEnabled) ||
+                return (!_controller._biometricUnlockOnly && _controller._biometricLock) ||
                    _controller._passwordReprompt
                    ? 2
                    : 1;
--- a/src/iOS.Core/Services/BiometricService.cs
+++ b/src/iOS.Core/Services/BiometricService.cs
@@ -1,19 +1,20 @@
 using System.Threading.Tasks;
 using Bit.App.Services;
 using Bit.Core.Abstractions;
 using Foundation;
 using LocalAuthentication;
 namespace Bit.iOS.Core.Services
 {
-    public class BiometricService : BaseBiometricService
+    public class BiometricService : IBiometricService
    {
-        public BiometricService(IStateService stateService, ICryptoService cryptoService)
+        private IStateService _stateService;
-            : base(stateService, cryptoService)
+
        public BiometricService(IStateService stateService)
        {
            _stateService = stateService;
        }
-        public override async Task<bool> SetupBiometricAsync(string bioIntegritySrcKey = null)
+        public async Task<bool> SetupBiometricAsync(string bioIntegritySrcKey = null)
        {
            if (bioIntegritySrcKey == null)
            {
@@ -29,7 +30,7 @@ namespace Bit.iOS.Core.Services
            return true;
        }
-        public override async Task<bool> IsSystemBiometricIntegrityValidAsync(string bioIntegritySrcKey = null)
+        public async Task<bool> IsSystemBiometricIntegrityValidAsync(string bioIntegritySrcKey = null)
        {
            var state = GetState();
            if (state == null)
--- a/src/iOS.Core/Utilities/iOSCoreHelpers.cs
+++ b/src/iOS.Core/Utilities/iOSCoreHelpers.cs
@@ -112,9 +112,9 @@ namespace Bit.iOS.Core.Utilities
            var clipboardService = new ClipboardService(stateService);
            var platformUtilsService = new MobilePlatformUtilsService(deviceActionService, clipboardService,
                messagingService, broadcasterService);
            var biometricService = new BiometricService(stateService);
            var cryptoFunctionService = new PclCryptoFunctionService(cryptoPrimitiveService);
            var cryptoService = new CryptoService(stateService, cryptoFunctionService);
            var biometricService = new BiometricService(stateService, cryptoService);
            var passwordRepromptService = new MobilePasswordRepromptService(platformUtilsService, cryptoService);
            ServiceContainer.Register<ISynchronousStorageService>(preferencesStorage);
@@ -247,8 +247,7 @@ namespace Bit.iOS.Core.Utilities
            var verificationActionsFlowHelper = new VerificationActionsFlowHelper(
                ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService"),
                ServiceContainer.Resolve<IPasswordRepromptService>("passwordRepromptService"),
-                ServiceContainer.Resolve<ICryptoService>("cryptoService"),
+                ServiceContainer.Resolve<ICryptoService>("cryptoService"));
                ServiceContainer.Resolve<IUserVerificationService>());
            ServiceContainer.Register<IVerificationActionsFlowHelper>("verificationActionsFlowHelper", verificationActionsFlowHelper);
            if (postBootstrapFunc != null)
--- a/Show More
+++ b/Show More