> the user gets what they asked for, namely a password database secured by a 4 digit PIN. A 4 digit PIN would be safe if Bitwarden securely enforced an attempt limit on the PIN. There's several options to implement this…
> Of course the PIN can be brute forced. It feels like reporting "I can walk over the lawn fence". This is entirely non-obvious: there's several ways to implement a PIN unlock in a secure way (see e.g. what you…
> However, when the database unloads, your database is still protected by your pass phrase. This is not the case if you disable the "lock with master password on restart" option. In that case only your PIN is guarding…
> the user gets what they asked for, namely a password database secured by a 4 digit PIN. A 4 digit PIN would be safe if Bitwarden securely enforced an attempt limit on the PIN. There's several options to implement this…
> Of course the PIN can be brute forced. It feels like reporting "I can walk over the lawn fence". This is entirely non-obvious: there's several ways to implement a PIN unlock in a secure way (see e.g. what you…
> However, when the database unloads, your database is still protected by your pass phrase. This is not the case if you disable the "lock with master password on restart" option. In that case only your PIN is guarding…