It’s practically game over if an attacker has access to your laptop. They can, for example, install a keylogger and capture your master password for any password manager.
Different threat model. If someone steals your laptop, your hardware is seized or your employer wants their backdoored machine (but not backdoored in this specific way) back, you probably do not want to leak your password manager contents either.
I use the practice of creating a new employee specific password manager account instead. Once I have an employee email address, I use that to register on either Mozilla's password manager, or BitWarden. It works out nicely, isolates everything, and should I ever leave and someone needs an account I once had, I can safely pass along an old password with ease.
To clarify for those who jumped straight to the comments: the threat model this article is talking about is extracting the encrypted database stored locally on your machine to brute-force the PIN.
Personally, I'd agree with Bitwarden on this that it's an attack that requires physical access to a user's device, or worse, remote admin privileges.
> Using a PIN can weaken the level of encryption that protects your application's local vault database.
> If you are worried about attack vectors that involve your device's local data being compromised,
> you may want to reconsider the convenience of using a PIN.
It's a choice on the user to weaken the encryption. I don't use Bitwarden, but if they communicate that properly to the user, it's a valid compromise for convenience-versus-security.
This doesn't answer the question. Why is there a choice to encrypt something when it's completely unnecessary (according to their threat model)? No point in building unnecessary complexity into software, especially software meant for security.
Using the PIN is outdated anyway when it comes to convenience; all reasonable user OSes now support biometrics, and those offer better risk mitigation in comparison.
It is something they should remove entirely in an upcoming version after giving users enough warning.
Personally I advocate using BitWarden for commonly used logins that, if they were compromised, would not be catastrophic; perhaps in some cases because 2FA provides another, tautologically, factor, and KeePass secured with a FIDO2 device in challenge response mode, a passphrase, and possibly setting a higher key stretching work factor to further blunt any brute force attempt, in which more important data is held.
That's an absurd amount of effort to bypass fingerprint biometrics, nice.
However, it's important to note here that biometrics isn't just about fingerprints, and every OS handles its available biometric options differently. For example, I would recommend face authentication on Apple devices; however, I would avoid using face on Windows and instead recommend a Windows Hello PIN (yes, it's handled differently than the PIN in the above article).
Ultimately, you're just trying to create a balance between the layers of protection and reasonable attacks. There's only so much you can protect against, nobody can withstand someone who is cloning fingerprints, stealing devices, has access to your separate device 2FA, etc. without severely affecting their lifestyle.
I'm pretty sure you can register the same finger over and over again for new "keys", assuming you go through the tedious process of disabling, restarting, etc., whatever each of the underlying OSes demands. It's an additional layer that Bitwarden (and other apps) do not get direct access to.
So, no excuse if you value convenience: PINs are not good. Short, easy-to-remember-and-enter PINs are also the reason Apple is under fire, due to how easily you can avoid biometrics and just use the 6-digit PIN.
Yup unless encrypted and password locked. Never leave a machine unlocked.
There are/were some highly sophisticated attacks using peripheral bus exploits (FireWire, Thunderbolt, etc.), but that's a very unlikely threat to most people.