[Feature] Biometric/FaceID/PIN protection

Platform

[X] iOS
[ ] Android

Obsidian Mobile version: v0.0.15


Would love to see FaceID protection on the app. It’s a decently common feature among other mobile journaling apps, along with a PIN lock for instances when biometric login isn’t working.

It’s not about encrypting the notes or fully protecting a synced vault - more just that it’s usually easier for someone to get into your phone than your computer.

35 Likes

I would like to see that on Android too.

6 Likes

Yes, please — I’d like some security to protect notes in the event the phone is stolen etc.

5 Likes

Here’s another vote for Face ID / Touch ID / PIN option when launching or returning to the app after a configurable time period. I use Day One for journaling and would like to replace it fully with Obsidian, but as long as someone can just tap the app icon to jump straight to my most recent notes if I’ve temporarily handed them my iPhone/iPad, it’s a non-starter.

2 Likes

Platform

[] iOS
[X] Android

I also vote for a way to secure the app, i don’t like the fact that the sensitive information i put in Obsidian is this easy to get access to

1 Like

Yes, please.

2 Likes

+1. Please :pray:

2 Likes

A PIN protection would be sufficient. Our “vault” is not really a vault until we can lock our vault.

A clear and absolute NO to any biometric stuff however - such “cozy” features are phone-exclusive and overkill for an app feature.
Security isn’t something to toy around. I’d hate if scanning faces would become a normality. What said B. Franklin?

“Those Who Sacrifice Liberty For Security Deserve Neither”

1 Like

+1, please

Other thoughts:

  • Allow for PIN that is different from the device PIN/passcode (i.e. do not allow unlocking with device PIN if FaceID fails, user’s choice)
  • Option to set the PIN application-wide or vault-specific
1 Like

Here’s a little shortcut I made that enforces Face ID when opening the Obsidian mobile app on iOS. Just create an automation that runs this shortcut whenever the Obsidian app opens.
https://www.icloud.com/shortcuts/d5f1ae80d7fe4e00bddd1a11bfd0f732

You’ll need to install the free Actions app first to be able to set a global variable.

You could probably make it fancier where it doesn’t authenticate every single time but only if you’ve been away longer than X seconds, but it’s good enough for me for now. You might also be able to combine this with a modified version of the Lock Screen plugin, where if Obsidian is launched with a custom URL parameter after authenticating from the shortcut, it will dismiss the Lock Screen overlay.

2 Likes

A lot of people considering Obsidian ask about this. I agree that it doesn’t have to include at-rest encryption—it would just be a way to keep someone you’ve handed your phone to from opening Obsidian (whether by accident or out of curiosity) and seeing the last note you had open.

5 Likes

+1 for optional PIN & biometric (FaceID / TouchID) protection for app opening. With a configurable time-out from instant to 15 minutes.

Surprising that this isn’t already a feature on the mobile app, as it’s core functionality on all modern Androids and iPhones, and a very common feature on many other note & knowledge management apps. The APIs for biometric protection are sitting there in Android & iOS just asking to be used!

Thanks! :pray: