-
Notifications
You must be signed in to change notification settings - Fork 40
PIN login lets you log in faster on trusted devices.
Use PIN only on devices you control and trust.
Log in with your username and login password.
Go to:
Set PIN
Enter a PIN.
After PIN is set, you can use it on the same trusted device instead of entering the full username and login password.
PIN is a convenience feature, not a replacement for your master password.
Use a PIN only when:
- the device is trusted
- the browser profile is private to you
- the device storage is protected
- the operating system account is protected
Do not set PIN on shared, public, or unmanaged devices.
PIN login allows only a limited number of attempts. After repeated wrong PIN input, PIN login is disabled automatically for that device.
The UI currently warns that there are only 3 chances.
Open the PIN dialog and choose:
Delete PIN
or use:
Untrust
Untrust removes local trust and logs out.
Go to:
Settings -> Account Activity
The page shows trusted devices and login history. Use the untrust action to disable PIN on a trusted device.
The server-side expiration period is configured in:
src/backend/function/config.php
Setting:
$PIN_EXPIRE_TIME = 7776000;The default value is in seconds.
- Use a non-trivial PIN.
- Do not reuse a bank-card PIN or phone-unlock PIN.
- Remove trust from old devices.
- Keep regular backups.
- Use TOTP-based 2FA for the master account if available.