[deleted]
No!
While you are in owner profile, you have no access to the login window for the secondary profile.

For security reasons, I let Bitwarden delete a cached password after 10 seconds.
– But even if I were to set this time to 10 minutes in order to first copy the extra long password from the password manager of the owner profile without stress and then switch to the second profile in order to paste it there – this does not work because the cache is deleted when switching to the second profile.
– Or perhaps to put it in more understandable and technically correct terms:
The cache of one profile is never available for another profile.

    • [deleted]

    • Edited

    Eagle_Owl do you have a suggestion on how to use longer passwords? or should i stick with the pin?

      [deleted]
      See my favourite comic strip for this topic:
      https://xkcd.com/936/

      I don't use a PIN – I don't want to rely solely on the secure element in the phone.

      Because you need one really strong password for your computer/smartphone and another one as master password for your password manager, which you as human can memorise and handle:
      Select the second method of this great comic, maybe better with seven words instead of four.
      Write it down on paper (!), keep it in a safe place!
      And use it constantly, several times a day at first, to really memorise it.

      The following method helps you to memorise it as quickly as possible:

      1. Be sure to write it down (on paper!) and put it in a really safe place (for emergencies).
      2. On your PC/laptop, replace your previous password with your new passphrase of four to seven words (paper with new passphrase really created and secured?)
      3. Set the time for locking the screen from 30 minutes (?) or longer to max. 15 minutes!
        This means you often get the login screen and have to keep entering the new password phrase.
        Annoying, yes, but you'll quickly memorise your passphrase!

      It's like in the old days when there were no smartphones/redialling and you had to type a phone number a lot if you didn't get someone on the phone straight away.
      You quickly memorised even complex phone numbers without wanting to. :-)

        • [deleted]

        Eagle_Owl thank you for the tips! Is 4 worlds okay or does it have to be 7?

          I just use a 12-character password and my fingerprint.

          Is that dumb?

            The best solution I have for this is what I do.

            I use a yubikey

            The yubikey can act like a keyboard.
            So I type in a shortish password then Press the yubikey and this the Automatically types characters as a keyboard.
            taking my password upto 64, characters.

              • [deleted]

              L8437 how do you do that??

                [deleted] so the yubikey has different features.

                There is an option for "short press" and "long press" of the button.

                You can type in your own diceware password in the yubi key "long press" option. (That way if you lose it, you can manually type it in yourself)

                Then when you plug it into the phone, or computer, you press the button and hold for a second, and it then rapidly types what ever you have set.

                So what you do is...

                When you set your phone password....you decide to manually type a short easy one....followed by pressing the yubikey. Because the yubikey acts like an external keyboard this means you can have a much longer password without the inconvenience of having to type it in manually

                This means, with the yubikey on its own only provides part of the password so you can't gain access to your phone with JUST the yubikey as you would need to type in your manual password beforehand.

                Does this make sense?

                  • [deleted]

                  L8437 it absolutely does! I have yubikeys and have never tried this. how dod i get to those options?

                  • [deleted]

                  L8437 NVM figured it out!

                    [deleted] nice one, did you manage to get it to work?

                    [deleted]
                    4 words (not worlds, I know – funny typo) are enough for normal circumstances.
                    But if you have an idea for a great 5, 6, or 7 word passphrase, why not?
                    It depends on your threat model and a very clever 4 word phrase you keep really private can be better than a bad 7 word phrase – or a good 7 word phrase you don't keep really, really secret. ;-)

                    Blastoidea
                    No, absolutely not!
                    If it is good password (not anything we could find in any dictionary), then it's fine.
                    Assuming you don't live in the USA or another country where you can be punished for not unlocking your phone with a fingerprint when it is checked by a police officer, this is sufficient.

                    But even in countries with such dubious laws, all you need to do in the event of a police check is press and hold the power button and then quickly tap "Lock" or "Restart".
                    The password is then required (I personally wouldn't use a PIN, but a 6-digit PIN is also sufficient as long as the Secure Element can protect you with it).

                    L8437
                    Yubikey or any other hardware token:
                    Don't forget to buy at least two of them and use one or more of them as backup!

                    Because: if you loose one or it suddenly doesn't work anymore for any reason, then you are locked out.

                    i do 6 digit pin scrambled, unlocks with last correct digit. thats on main startup profile
                    no lock on my social media/work profile for quick access during day, considering finger print for that

                    5 months later
                    • Edited

                    I use 15-digit pin and scrambled keypad. is that overkill?

                    to answer a phone call, I have to input the pin first before I can answer the call. do you have to enter pin/passphrase first to answer the incoming call? Is there a setting where I can just answer incoming call without entering the pin?

                    I use fingerprint for Molly (Signal) and KeepassDX; should I use fingerprint for them?

                    • de0u replied to this.

                      tomz I use 15-digit pin and scrambled keypad. is that overkill?

                      to answer a phone call, I have to input the pin first before I can answer the call.

                      Is it possible that the device has a short auto-reboot interval set, so that when a call comes in the device is in the before first unlock (BFU) state?

                        de0u

                        thanks for your reply.
                        I have auto-reboot set for every 4 hrs. I'll change it longer to see if that is the 'smoking gun'
                        thx

                          tomz I have auto-reboot set for every 4 hrs. I'll change it longer to see if that is the 'smoking gun'

                          Great!

                          You can also run some experiments, e.g., power device off, power it on, have somebody call: I expect that would require PIN entry to answer. Then hang up the call, tap the power button to activate the screen lock, then have somebody call again.

                          I believe that fingerprint authorization times out after some period of time (I don't know how long). Of potential relevance:

                          Please note that the developers have requested that people not add "I want this too!" or "Is progress being made on this?" comments to GitHub issues, which are for technical content, not discussion (this here is the discussion forum). It is fine to subscribe to a GitHub issue, or to use one of the reaction emoji to indicate interest, but if an issue garners too much non-technical content the developers may lock discussion on the issue, which can only slow progress down.