[Feature] Biometric/FaceID/PIN protection

Platform

[X] iOS
[ ] Android

Obsidian Mobile version: v0.0.15


Would love to see FaceID protection on the app. It’s a decently common feature among other mobile journaling apps, along with a PIN lock for instances when biometric login isn’t working.

It’s not about encrypting the notes or fully protecting a synced vault - more just that it’s usually easier for someone to get into your phone than your computer.

41 Likes

I would like to see that on Android too.

6 Likes

Yes, please — I’d like some security to protect notes in the event the phone is stolen etc.

5 Likes

Here’s another vote for Face ID / Touch ID / PIN option when launching or returning to the app after a configurable time period. I use Day One for journaling and would like to replace it fully with Obsidian, but as long as someone can just tap the app icon to jump straight to my most recent notes if I’ve temporarily handed them my iPhone/iPad, it’s a non-starter.

2 Likes

Platform

[ ] iOS
[X] Android

I also vote for a way to secure the app. I don’t like the fact that the sensitive information I put in Obsidian is this easy to get access to.

1 Like

Yes, please.

2 Likes

+1. Please :pray:

2 Likes

A PIN protection would be sufficient. Our “vault” is not really a vault until we can lock our vault.

A clear and absolute NO to any biometric stuff however - such “cozy” features are phone-exclusive and overkill for an app feature.
Security isn’t something to toy around with. I’d hate it if scanning faces became a normality. What did B. Franklin say?

“Those Who Sacrifice Liberty For Security Deserve Neither”

1 Like

+1, please

Other thoughts:

  • Allow for PIN that is different from the device PIN/passcode (i.e. do not allow unlocking with device PIN if FaceID fails, user’s choice)
  • Option to set the PIN application-wide or vault-specific

1 Like

Here’s a little shortcut I made that enforces Face ID when opening the Obsidian mobile app on iOS. Just create an automation that runs this shortcut whenever the Obsidian app opens.
https://www.icloud.com/shortcuts/d5f1ae80d7fe4e00bddd1a11bfd0f732

You’ll need to install the free Actions app first to be able to set a global variable.

You could probably make it fancier where it doesn’t authenticate every single time but only if you’ve been away longer than X seconds, but it’s good enough for me for now. You might also be able to combine this with a modified version of the Lock Screen plugin, where if Obsidian is launched with a custom URL parameter after authenticating from the shortcut, it will dismiss the Lock Screen overlay.

2 Likes

A lot of people considering Obsidian ask about this. I agree that it doesn’t have to include at-rest encryption—it would just be a way to keep someone you’ve handed your phone to from opening Obsidian (whether by accident or out of curiosity) and seeing the last note you had open.

5 Likes

+1 for optional PIN & biometric (FaceID / TouchID) protection for app opening. With a configurable time-out from instant to 15 minutes.

Surprising that this isn’t already a feature on the mobile app, as it’s core functionality on all modern Androids and iPhones, and a very common feature on many other note & knowledge management apps. The APIs for biometric protection are sitting there in Android & iOS just asking to be used!

Thanks! :pray:

1 Like

Platform

iOS
Android

I love this idea. I want to feel comfortable putting personal stuff into Obsidian and having the app be fingerprint-protected would go a long way to making me feel more secure, even if the actual files were not encrypted (i.e., accessible via the file manager). That would still add some friction and prevent opportunistic snooping when the phone is briefly left unlocked.

(And in an ideal world, I’d love to be able to have full encryption at rest on all platforms, as proposed in Password protect / lock folder / Encryption at rest - #136 by kris. But password/biometric protection on mobile is already a great first step!)

1 Like

+1

iOS
Android

Could this be circumvented by deleting the action in the actions app?

Is the action protected there?

Of course.

No.

+1
And support native Android authentication, please.

I would love the fingerprint feature to make the login process to Obsidian Sync easier. You guys almost lost me as a customer because I failed three times to type my generated password by hand, copying it from my computer and typing it into my phone.
I used the somewhat unsafe option of sending myself the password in a different way and then copy-pasting it, but I would strongly suggest that you at least support login via native Android functionality.
The next step would be a fingerprint/biometric option.